tcpwrappers-&tcpwrappers-version;

Introduction to tcpwrappers

The tcpwrappers package provides daemon wrapper programs that report the name of the client requesting network services and the requested service.

Package information

Download (HTTP):
Download (FTP):
Download MD5 Sum: &tcpwrappers-md5;
Download size: &tcpwrappers-size;
Estimated disk space required: &tcpwrappers-buildsize;
Estimated build time: &tcpwrappers-time;

Additional downloads

Required Patch (Fixes some build issues and adds building of a shared library):

Installation of tcpwrappers

Install tcpwrappers with the following commands:

    patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch &&
    sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c &&
    make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux &&
    make install

Command explanations

sed -i -e ... scaffold.c: This command removes an obsolete C declaration which causes the build to fail if using GCC-3.4.x.

Configuring tcpwrappers

Config files

/etc/hosts.allow and /etc/hosts.deny

File protections: the wrapper, all files used by the wrapper, and all directories in the path leading to those files, should be accessible but not writable for unprivileged users (mode 755 or mode 555). Do not install the wrapper set-uid.

Then perform the following edits on the /etc/inetd.conf configuration file:

    finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd

becomes:

    finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd

The finger server is used as an example here. Similar changes must be made if xinetd is used, with the emphasis being on calling /usr/sbin/tcpd instead of calling the service daemon directly, and passing the name of the service daemon to tcpd.
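The inetd.conf edit above, generalised into a read-only audit (an added example, not part of the original page): wrap_inetd_entries, a helper name chosen here, prints the wrapped form of every entry that still starts its daemon directly. It assumes the classic inetd.conf field layout and, going beyond the finger case, applies tcpd's rule that a daemon outside REAL_DAEMON_DIR must be named by absolute path in the argument field.

```shell
#!/bin/sh
# Added example, not from the BLFS page. Prints the tcpd-wrapped form of every
# inetd.conf entry that still starts its daemon directly. Read-only.

# wrap_inetd_entries CONF [TCPD] [REAL_DAEMON_DIR]   (hypothetical helper name)
wrap_inetd_entries() {
    conf=$1
    tcpd=${2:-/usr/sbin/tcpd}
    daemon_dir=${3:-/usr/sbin}   # must match REAL_DAEMON_DIR from the build
    awk -v tcpd="$tcpd" -v ddir="$daemon_dir" '
        /^[ \t]*(#|$)/   { next }   # comments and blank lines
        NF < 6           { next }   # not a complete service entry
        $6 == "internal" { next }   # inetd built-in, no daemon to wrap
        $6 == tcpd       { next }   # already goes through tcpd
        {
            path = $6
            dir = path;  sub("/[^/]*$", "", dir)
            base = path; sub("^.*/", "", base)
            # tcpd locates the real daemon from argv[0] (field 7): a bare
            # name is looked up in REAL_DAEMON_DIR, so a daemon living
            # elsewhere has to be given as an absolute path.
            $7 = (dir == ddir) ? base : path
            $6 = tcpd
            print
        }
    ' "$conf"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# service  type  proto  wait  user  server  args
finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
echo   stream tcp nowait root   internal
ftp    stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l
custom stream tcp nowait nobody /opt/svc/bin/customd customd -x
EOF
wrap_inetd_entries "$sample"
rm -f "$sample"
```

Review the printed lines before merging them into /etc/inetd.conf; empty output means every external service already goes through tcpd.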
Contents

Installed Programs: tcpd, tcpdchk, tcpdmatch, try-from and safe_finger
Installed Library: libwrap.[so,a]
Installed Directories: None

Short Descriptions

tcpd is the main access control daemon for all Internet services, which inetd or xinetd will run instead of running the requested service daemon.

tcpdchk is a tool to examine a tcpd wrapper configuration and report problems with it.

tcpdmatch is used to predict how the TCP wrapper would handle a specific request for a service.

try-from can be called via a remote shell command to find out if the host name and address are properly recognized.

safe_finger is a wrapper for the finger utility, to provide automatic reverse name lookups.

libwrap.[so,a] contains the API functions required by the tcpwrappers programs as well as other programs to become tcpwrappers-aware.