10.0
10.1
11.0
11.1
11.2
11.3
12.0
12.1
12.2
6.0
6.1
6.2
6.2.0
6.2.0-rc1
6.2.0-rc2
6.3
6.3-rc1
6.3-rc2
6.3-rc3
7.10
7.4
7.5
7.6
7.6-blfs
7.6-systemd
7.7
7.8
7.9
8.0
8.1
8.2
8.3
8.4
9.0
9.1
basic
bdubbs/svn
elogind
gimp3
gnome
kde5-13430
kde5-14269
kde5-14686
kea
ken/TL2024
ken/inkscape-core-mods
ken/tuningfonts
krejzi/svn
lazarus
lxqt
nosym
perl-modules
plabs/newcss
plabs/python-mods
python3.11
qt5new
rahul/power-profiles-daemon
renodr/vulkan-addition
systemd-11177
systemd-13485
trunk
upgradedb
v1_0
v5_0
v5_0-pre1
v5_1
v5_1-pre1
xry111/for-12.3
xry111/intltool
xry111/llvm18
xry111/soup3
xry111/spidermonkey128
xry111/test-20220226
xry111/xf86-video-removal
Last change
on this file since 1c931a15 was 9905a3c, checked in by Bruce Dubbs <bdubbs@…>, 22 years ago |
Added openldap and fixed numereous typos
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@638 af4574ff-66df-0310-9fd7-8a98e5e911e0
|
-
Property mode
set to
100644
|
File size:
1.0 KB
|
Line | |
---|
1 | <sect2>
|
---|
2 | <title>Configuring tcpwrappers</title>
|
---|
3 |
|
---|
4 | <sect3><title>Config files</title>
|
---|
5 | <para><userinput>/etc/hosts.allow, /etc/hosts.deny,
|
---|
6 | </userinput></para>
|
---|
7 |
|
---|
8 | <para>File protections: the wrapper, all files used by the wrapper,
|
---|
9 | and all directories in the path leading to those files, should be
|
---|
10 | accessible but not writable for unprivileged users (mode 755 or mode
|
---|
11 | 555). Do not install the wrapper set-uid.</para>
|
---|
12 |
|
---|
13 | <para>
|
---|
14 | Then perform the following edits on the
|
---|
15 | <filename>/etc/inetd.conf</filename> configuration file :
|
---|
16 | <screen><userinput>
|
---|
17 | finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
|
---|
18 | </userinput></screen>
|
---|
19 | becomes:
|
---|
20 | <screen><userinput>
|
---|
21 | finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
|
---|
22 | </userinput></screen></para>
|
---|
23 | <note><para>The finger server is used as an example here.</para></note>
|
---|
24 | <para>Similar changes must be made if xinetd is used, with the
|
---|
25 | emphasis being on calling /usr/sbin/tcpd instead of calling the
|
---|
26 | service daemon directly, and passing the name of the service daemon to
|
---|
27 | tcpd.</para>
|
---|
28 | </sect3>
|
---|
29 |
|
---|
30 | </sect2>
|
---|
31 |
|
---|
Note:
See
TracBrowser
for help on using the repository browser.