source: basicnet/netprogs/tcpwrappers.xml@ d47e7ea9

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since d47e7ea9 was d47e7ea9, checked in by Bruce Dubbs <bdubbs@…>, 20 years ago

XML Update -- Chapter 18

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2301 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 4.5 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY tcpwrappers-download-http "http://files.ichilton.co.uk/nfs/tcp_wrappers_&tcpwrappers-version;.tar.gz">
8 <!ENTITY tcpwrappers-download-ftp "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz">
9 <!ENTITY tcpwrappers-size "100 KB">
10 <!ENTITY tcpwrappers-buildsize "720 KB">
11 <!ENTITY tcpwrappers-time "0.16 SBU">
12]>
13
14<sect1 id="tcpwrappers" xreflabel="tcpwrappers-&tcpwrappers-version;">
15<?dbhtml filename="tcpwrappers.html"?>
16<title>tcpwrappers-&tcpwrappers-version;</title>
17
18<sect2>
19<title>Introduction to <application>tcpwrappers</application></title>
20
21<para>The <application>tcpwrappers</application> package provides daemon
22wrapper programs that report the name of the client requesting network services and the requested service.</para>
23
24<sect3><title>Package information</title>
25<itemizedlist spacing='compact'>
26<listitem><para>Download (HTTP): <ulink
27url="&tcpwrappers-download-http;"/></para></listitem>
28<listitem><para>Download (FTP): <ulink
29url="&tcpwrappers-download-ftp;"/></para></listitem>
30<listitem><para>Download size: &tcpwrappers-size;</para></listitem>
31<listitem><para>Estimated Disk space required:
32&tcpwrappers-buildsize;</para></listitem>
33<listitem><para>Estimated build time:
34&tcpwrappers-time;</para></listitem></itemizedlist>
35</sect3>
36
37<sect3><title>Additional downloads</title>
38<itemizedlist spacing='compact'>
39<listitem><para>Required patch (Fixes some build issues and adds building of a shared library):
40<ulink url="&patch-root;/tcp_wrappers-7.6-shared-lib-plus-plus.patch"/></para></listitem>
41</itemizedlist>
42</sect3>
43
44</sect2>
45
46<sect2>
47<title>Installation of <application>tcpwrappers</application></title>
48
49<para>Install <application>tcpwrappers</application> with the following
50commands:</para>
51
52<screen><userinput><command>patch -Np1 -i ../tcp_wrappers-7.6-shared-lib-plus-plus.patch &amp;&amp;
53make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux &amp;&amp;
54make install</command></userinput></screen>
55
56</sect2>
57
58<sect2>
59<title>Configuring <application>tcpwrappers</application></title>
60
61<sect3><title>Config files</title>
62<para><filename>/etc/hosts.allow</filename>,
63<filename>/etc/hosts.deny</filename></para>
64
65<para>File protections: the wrapper, all files used by the wrapper,
66and all directories in the path leading to those files, should be
67accessible but not writable for unprivileged users (mode 755 or mode
68555). Do not install the wrapper set-uid.</para>
69
70<para>Then perform the following edits on the
71<filename>/etc/inetd.conf</filename> configuration file:</para>
72<screen><userinput>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen>
73<para>becomes:</para>
74<screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen>
75
76<note><para>The finger server is used as an example here.</para></note>
77
78<para>Similar changes must be made if xinetd is used, with the emphasis being
79on calling <command>/usr/sbin/tcpd</command> instead of calling the service
80daemon directly, and passing the name of the service daemon to tcpd.</para>
81</sect3>
82
83</sect2>
84
85<sect2>
86<title>Contents</title>
87
88<para>The <application>tcpwrappers</application> package contains <command>
89tcpd</command>, <command>tcpdchk</command>, <command>tcpdmatch</command>,
90<command>try-from</command> and <command>safe_finger</command>.</para>
91</sect2>
92
93<sect2><title>Description</title>
94
95<sect3><title>tcpd</title>
96<para><command>tcpd</command> is the main access control daemon for all
97Internet services, which <command>inetd</command> or
98<command>xinetd</command> will run instead of running the
99requested service daemon.</para></sect3>
100
101<sect3><title>tcpdchk</title>
102<para><command>tcpdchk</command> is a tool to examine a tcpd wrapper
103configuration and report problems with it.</para></sect3>
104
105<sect3><title>tcpdmatch</title>
106<para><command>tcpdmatch</command> is used to predict how the tcp wrapper
107would handle a specific request for a service.</para></sect3>
108
109<sect3><title>try-from</title>
110<para><command>try-from</command> can be called via a remote shell command to
111find out if the host name and address are properly recognized.</para></sect3>
112
113<sect3><title>safe_finger</title>
114<para><command>safe_finger</command> is a wrapper for the <command>finger
115</command> utility, to provide automatic reverse name lookups.</para></sect3>
116
117</sect2>
118
119</sect1>
120
Note: See TracBrowser for help on using the repository browser.