source: basicnet/netprogs/tcpwrappers.xml@ 09c3df0

10.0 10.1 11.0 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 ken/refactor-virt krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk upgradedb xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 09c3df0 was 09c3df0, checked in by Randy McMurchy <randy@…>, 17 years ago

Changed the tcp_wrappers instructions to use a sed command instead of a GCC-34 patch

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3505 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 5.3 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY tcpwrappers-download-http "http://files.ichilton.co.uk/nfs/tcp_wrappers_&tcpwrappers-version;.tar.gz">
8 <!ENTITY tcpwrappers-download-ftp "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_&tcpwrappers-version;.tar.gz">
9 <!ENTITY tcpwrappers-md5 "e6fa25f71226d090f34de3f6b122fb5a">
10 <!ENTITY tcpwrappers-size "97 KB">
11 <!ENTITY tcpwrappers-buildsize "1.04 MB">
12 <!ENTITY tcpwrappers-time "0.02 SBU">
13]>
14
15<sect1 id="tcpwrappers" xreflabel="tcpwrappers-&tcpwrappers-version;">
16<sect1info>
17<othername>$LastChangedBy$</othername>
18<date>$Date$</date>
19</sect1info>
20<?dbhtml filename="tcpwrappers.html"?>
21<title>tcpwrappers-&tcpwrappers-version;</title>
22
23<sect2>
24<title>Introduction to <application>tcpwrappers</application></title>
25
26<para>The <application>tcpwrappers</application> package provides daemon
27wrapper programs that report the name of the client requesting network
28services and the requested service.</para>
29
30<sect3><title>Package information</title>
31<itemizedlist spacing='compact'>
32<listitem><para>Download (HTTP): <ulink
33url="&tcpwrappers-download-http;"/></para></listitem>
34<listitem><para>Download (FTP): <ulink
35url="&tcpwrappers-download-ftp;"/></para></listitem>
36<listitem><para>Download MD5 Sum: &tcpwrappers-md5;</para></listitem>
37<listitem><para>Download size: &tcpwrappers-size;</para></listitem>
38<listitem><para>Estimated disk space required:
39&tcpwrappers-buildsize;</para></listitem>
40<listitem><para>Estimated build time:
41&tcpwrappers-time;</para></listitem></itemizedlist>
42</sect3>
43
44<sect3><title>Additional downloads</title>
45<itemizedlist spacing='compact'>
46<listitem><para>Required Patch (Fixes some build issues and adds building of a
47shared library): <ulink
48url="&patch-root;/tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch"/>
49</para></listitem>
50</itemizedlist>
51</sect3>
52
53</sect2>
54
55<sect2>
56<title>Installation of <application>tcpwrappers</application></title>
57
58<para>Install <application>tcpwrappers</application> with the following
59commands:</para>
60
61<screen><userinput><command>patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch &amp;&amp;
62sed -i -e "s,^extern char \*malloc();,/* &amp; */," scaffold.c
63make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux &amp;&amp;
64make install</command></userinput></screen>
65
66</sect2>
67
68<sect2>
69<title>Command explanations</title>
70
71<para><command>sed -i -e ... scaffold.c</command>: This command removes an
72obsolete C declaration which causes the build to fail if using
73<application><acronym>GCC</acronym>-3.4.x</application>.</para>
74
75</sect2>
76
77<sect2>
78<title>Configuring <application>tcpwrappers</application></title>
79
80<sect3><title>Config files</title>
81<para><filename>/etc/hosts.allow</filename>,
82<filename>/etc/hosts.deny</filename></para>
83
84<para>File protections: the wrapper, all files used by the wrapper,
85and all directories in the path leading to those files, should be
86accessible but not writable for unprivileged users (mode 755 or mode
87555). Do not install the wrapper set-uid.</para>
88
89<para>Then perform the following edits on the
90<filename>/etc/inetd.conf</filename> configuration file:</para>
91<screen><userinput>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen>
92<para>becomes:</para>
93<screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen>
94
95<note><para>The finger server is used as an example here.</para></note>
96
97<para>Similar changes must be made if <application>xinetd</application> is
98used, with the emphasis being on calling <command>/usr/sbin/tcpd</command>
99instead of calling the service daemon directly, and passing the name of the
100service daemon to <command>tcpd</command>.</para>
101</sect3>
102
103</sect2>
104
105<sect2>
106<title>Contents</title>
107
108<para>The <application>tcpwrappers</application> package contains <command>
109tcpd</command>, <command>tcpdchk</command>, <command>tcpdmatch</command>,
110<command>try-from</command>, <command>safe_finger</command> and the
111<filename class='libraryfile'>libwrap</filename> libraries.</para>
112</sect2>
113
114<sect2><title>Description</title>
115
116<sect3><title>tcpd</title>
117<para><command>tcpd</command> is the main access control daemon for all
118Internet services, which <command>inetd</command> or
119<command>xinetd</command> will run instead of running the
120requested service daemon.</para></sect3>
121
122<sect3><title>tcpdchk</title>
123<para><command>tcpdchk</command> is a tool to examine a <command>tcpd</command>
124wrapper configuration and report problems with it.</para></sect3>
125
126<sect3><title>tcpdmatch</title>
127<para><command>tcpdmatch</command> is used to predict how the tcp wrapper
128would handle a specific request for a service.</para></sect3>
129
130<sect3><title>try-from</title>
131<para><command>try-from</command> can be called via a remote shell command to
132find out if the host name and address are properly recognized.</para></sect3>
133
134<sect3><title>safe_finger</title>
135<para><command>safe_finger</command> is a wrapper for the
136<command>finger</command> utility, to provide automatic reverse name
137lookups.</para></sect3>
138
139</sect2>
140
141</sect1>
142
Note: See TracBrowser for help on using the repository browser.