Unable to back up the Cisco configuration with tftp

I get the following error:

SW-AL710-1#copy running-config tftp:
Address or name of remote host []? 10.0.1.130
Destination filename [sw-al710-1-confg]?
%Error opening tftp://10.0.1.130/sw-al710-1-confg (Timed out)

This is my configuration:

more /etc/xinetd.d/tftp 
socket_type             = dgram
protocol                = udp
wait                    = yes
user                    = root
server                  = /usr/sbin/in.tftpd
server_args             = -s /var/lib/tftpboot -vvv
disable                 = no
per_source              = 11
cps                     = 100 2
flags                   = IPv4

My tftp server is running:

ps ax | grep tftp
2532 ?        Ss     0:00 in.tftpd -s /var/lib/tftpboot -vvv

And my xinetd is running too:

service xinetd status
xinetd (pid  2483) is running...

netstat -unlp | grep xinetd
udp        0      0 0.0.0.0:69       0.0.0.0:*      2483/xinetd                  

The required configuration file is in place:

ls -lZ /var/lib/tftpboot/
-rwxrwxrwx. root   root unconfined_u:object_r:tftpdir_rw_t:s0 sw-al710-1-confg

Permissions and other settings look correct:

 chkconfig --list  | grep tftp
    tftp:           on

ls -lad /var/lib/tftpboot/
drwxrwxrwx. 2 root root 4096 Feb 13 12:31 /var/lib/tftpboot/

getsebool -a | grep -i tftp
tftp_anon_write --> on

Testing the connection with tcpdump, I get the following output:

tcpdump port 69 -vv
tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size      65535 bytes
12:34:42.400626 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto     UDP (17), length 53)
10.0.1.223.60291 > NOC1.tftp: [udp sum ok]  25 WRQ "sw-al710-1-confg"  octet
12:34:46.394984 IP (tos 0x0, ttl 255, id 1, offset 0, flags [none], proto UDP (17), length 53)
10.0.1.223.60291 > NOC1.tftp: [udp sum ok]  25 WRQ "sw-al710-1-confg" octet

more  /etc/hosts.allow
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#

more  /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers

audit.log

type=AVC msg=audit(1488191076.406:200525): avc:  denied  { write } for      pid=22689 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954  scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023  tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488191076.406:200525): avc:  denied  { open } for  pid=22689 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1488191076.406:200525): arch=c000003e syscall=2 success=yes exit=1 a0=608e22 a1=241 a2=1b6 a3=4000 items=0 ppid=22509 pid=22689 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1488191076.406:200526): avc:  denied  { getattr } for  pid=22689 comm="in.tftpd" path="/config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1488191076.406:200526): arch=c000003e syscall=5 success=yes exit=0 a0=1 a1=7fffbd7827b0 a2=7fffbd7827b0 a3=4000 items=0 ppid=22509 pid=22689 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1488191355.130:200527): avc:  denied  { write } for  pid=22726 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tftpdir_t:s0 tclass=file
type=SYSCALL msg=audit(1488191355.130:200527): arch=c000003e syscall=2 success=yes exit=1 a0=608e22 a1=241 a2=1b6 a3=4000 items=0 ppid=22509 pid=22726 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null)

What could be the reason, and how can I fix this?

    
by Mishgun 14.02.2017 / 10:36

0 answers
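
Added example, not part of the original post: Python code that reads audit records like the ones in the question, groups the AVC denials by audit event, and reports the target file's SELinux type together with whether the paired SYSCALL was actually blocked. The records are abridged from the post's audit.log excerpt; the function name and the default expected type tftpdir_rw_t (the label shown in the post's ls -lZ output) are assumptions of this example.

```python
import re

# Records abridged from the audit.log excerpt in the post (unused fields dropped).
SAMPLE = '''\
type=AVC msg=audit(1488191076.406:200525): avc:  denied  { write } for  pid=22689 comm="in.tftpd" name="config.text" scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488191076.406:200525): avc:  denied  { open } for  pid=22689 comm="in.tftpd" name="config.text" scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1488191076.406:200525): arch=c000003e syscall=2 success=yes exit=1 comm="in.tftpd" exe="/usr/sbin/in.tftpd"
type=AVC msg=audit(1488191355.130:200527): avc:  denied  { write } for  pid=22726 comm="in.tftpd" name="config.text" scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tftpdir_t:s0 tclass=file
type=SYSCALL msg=audit(1488191355.130:200527): arch=c000003e syscall=2 success=yes exit=1 comm="in.tftpd" exe="/usr/sbin/in.tftpd"
'''

HEAD = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\)')   # record type + event id
PERMS = re.compile(r'denied\s+\{ ([^}]+) \}')                # denied permission list
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')                   # key=value pairs


def summarize_denials(log_text, writable_type="tftpdir_rw_t"):
    """Group AVC denials by audit event and pair each with its SYSCALL record.

    writable_type is an assumption of this example: the type the target
    file is expected to carry (taken from the post's ls -lZ output).
    """
    events = {}
    for line in log_text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        rtype, event_id = head.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events.setdefault(event_id, {"perms": set(), "target_type": None,
                                          "object": None, "blocked": None})
        denied = PERMS.search(line)
        if rtype == "AVC" and denied:
            ev["perms"].update(denied.group(1).split())
            # tcontext is user:role:type:level; the type is the third field.
            ev["target_type"] = fields["tcontext"].split(":")[2]
            ev["object"] = fields.get("path") or fields.get("name")
        elif rtype == "SYSCALL":
            # success=yes next to a denial means the call was not stopped.
            ev["blocked"] = fields.get("success") == "no"
    result = {}
    for event_id, ev in events.items():
        if ev["perms"]:                      # keep only events with a denial
            ev["label_ok"] = ev["target_type"] == writable_type
            result[event_id] = ev
    return result
```

On these records every event comes back with blocked set to False (the denial was logged but the system call succeeded, as it does in permissive mode) and a target type of default_t or tftpdir_t rather than tftpdir_rw_t.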