source: basicnet/netprogs/tcpwrappers.xml@ b1623c2

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since b1623c2 was b1623c2, checked in by Randy McMurchy <randy@…>, 20 years ago

more package patch renaming

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2376 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 4.5 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY tcpwrappers-download-http "http://files.ichilton.co.uk/nfs/tcp_wrappers_&tcpwrappers-version;.tar.gz">
8 <!ENTITY tcpwrappers-download-ftp "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz">
9 <!ENTITY tcpwrappers-size "100 KB">
10 <!ENTITY tcpwrappers-buildsize "720 KB">
11 <!ENTITY tcpwrappers-time "0.16 SBU">
12]>
13
14<sect1 id="tcpwrappers" xreflabel="tcpwrappers-&tcpwrappers-version;">
15<?dbhtml filename="tcpwrappers.html"?>
16<title>tcpwrappers-&tcpwrappers-version;</title>
17
18<sect2>
19<title>Introduction to <application>tcpwrappers</application></title>
20
21<para>The <application>tcpwrappers</application> package provides daemon
22wrapper programs that report the name of the client requesting network
23services and the requested service.</para>
24
25<sect3><title>Package information</title>
26<itemizedlist spacing='compact'>
27<listitem><para>Download (HTTP): <ulink
28url="&tcpwrappers-download-http;"/></para></listitem>
29<listitem><para>Download (FTP): <ulink
30url="&tcpwrappers-download-ftp;"/></para></listitem>
31<listitem><para>Download size: &tcpwrappers-size;</para></listitem>
32<listitem><para>Estimated Disk space required:
33&tcpwrappers-buildsize;</para></listitem>
34<listitem><para>Estimated build time:
35&tcpwrappers-time;</para></listitem></itemizedlist>
36</sect3>
37
38<sect3><title>Additional downloads</title>
39<itemizedlist spacing='compact'>
40<listitem><para>Required patch (Fixes some build issues and adds building of a shared library):
41<ulink url="&patch-root;/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch"/></para></listitem>
42</itemizedlist>
43</sect3>
44
45</sect2>
46
47<sect2>
48<title>Installation of <application>tcpwrappers</application></title>
49
50<para>Install <application>tcpwrappers</application> with the following
51commands:</para>
52
53<screen><userinput><command>patch -Np1 -i ../tcp_wrappers-7.6-shared_lib_plus_plus-1.patch &amp;&amp;
54make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux &amp;&amp;
55make install</command></userinput></screen>
56
57</sect2>
58
59<sect2>
60<title>Configuring <application>tcpwrappers</application></title>
61
62<sect3><title>Config files</title>
63<para><filename>/etc/hosts.allow</filename>,
64<filename>/etc/hosts.deny</filename></para>
65
66<para>File protections: the wrapper, all files used by the wrapper,
67and all directories in the path leading to those files, should be
68accessible but not writable for unprivileged users (mode 755 or mode
69555). Do not install the wrapper set-uid.</para>
70
71<para>Then perform the following edits on the
72<filename>/etc/inetd.conf</filename> configuration file:</para>
73<screen><userinput>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen>
74<para>becomes:</para>
75<screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen>
76
77<note><para>The finger server is used as an example here.</para></note>
78
79<para>Similar changes must be made if xinetd is used, with the emphasis being
80on calling <command>/usr/sbin/tcpd</command> instead of calling the service
81daemon directly, and passing the name of the service daemon to tcpd.</para>
82</sect3>
83
84</sect2>
85
86<sect2>
87<title>Contents</title>
88
89<para>The <application>tcpwrappers</application> package contains <command>
90tcpd</command>, <command>tcpdchk</command>, <command>tcpdmatch</command>,
91<command>try-from</command> and <command>safe_finger</command>.</para>
92</sect2>
93
94<sect2><title>Description</title>
95
96<sect3><title>tcpd</title>
97<para><command>tcpd</command> is the main access control daemon for all
98Internet services, which <command>inetd</command> or
99<command>xinetd</command> will run instead of running the
100requested service daemon.</para></sect3>
101
102<sect3><title>tcpdchk</title>
103<para><command>tcpdchk</command> is a tool to examine a tcpd wrapper
104configuration and report problems with it.</para></sect3>
105
106<sect3><title>tcpdmatch</title>
107<para><command>tcpdmatch</command> is used to predict how the tcp wrapper
108would handle a specific request for a service.</para></sect3>
109
110<sect3><title>try-from</title>
111<para><command>try-from</command> can be called via a remote shell command to
112find out if the host name and address are properly recognized.</para></sect3>
113
114<sect3><title>safe_finger</title>
115<para><command>safe_finger</command> is a wrapper for the <command>finger
116</command> utility, to provide automatic reverse name lookups.</para></sect3>
117
118</sect2>
119
120</sect1>
121
Note: See TracBrowser for help on using the repository browser.