10.0
10.1
11.0
11.1
11.2
11.3
12.0
12.1
6.0
6.1
6.2
6.2.0
6.2.0-rc1
6.2.0-rc2
6.3
6.3-rc1
6.3-rc2
6.3-rc3
7.10
7.4
7.5
7.6
7.6-blfs
7.6-systemd
7.7
7.8
7.9
8.0
8.1
8.2
8.3
8.4
9.0
9.1
basic
bdubbs/svn
elogind
gnome
kde5-13430
kde5-14269
kde5-14686
kea
ken/TL2024
ken/inkscape-core-mods
ken/tuningfonts
krejzi/svn
lazarus
lxqt
nosym
perl-modules
plabs/newcss
plabs/python-mods
python3.11
qt5new
rahul/power-profiles-daemon
renodr/vulkan-addition
systemd-11177
systemd-13485
trunk
upgradedb
v5_0
v5_1
v5_1-pre1
xry111/intltool
xry111/llvm18
xry111/soup3
xry111/test-20220226
xry111/xf86-video-removal
|
Last change
on this file since a4acd463 was a4acd463, checked in by Larry Lawrence <larry@…>, 21 years ago |
|
whitespace patches, bootdisk patch
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1384 af4574ff-66df-0310-9fd7-8a98e5e911e0
|
-
Property mode
set to
100644
|
|
File size:
1.1 KB
|
| Line | |
|---|
| 1 | <sect2>
|
|---|
| 2 | <title>Configuring <application>tcpwrappers</application></title>
|
|---|
| 3 |
|
|---|
| 4 | <sect3><title>Config files</title>
|
|---|
| 5 | <para><filename>/etc/hosts.allow</filename>,
|
|---|
| 6 | <filename>/etc/hosts.deny</filename></para>
|
|---|
| 7 |
|
|---|
| 8 | <para>File protections: the wrapper, all files used by the wrapper,
|
|---|
| 9 | and all directories in the path leading to those files, should be
|
|---|
| 10 | accessible but not writable for unprivileged users (mode 755 or mode
|
|---|
| 11 | 555). Do not install the wrapper set-uid.</para>
|
|---|
| 12 |
|
|---|
| 13 | <para>Then perform the following edits on the
|
|---|
| 14 | <filename>/etc/inetd.conf</filename> configuration file:</para>
|
|---|
| 15 | <screen><userinput>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen>
|
|---|
| 16 | <para>becomes:</para>
|
|---|
| 17 | <screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen>
|
|---|
| 18 |
|
|---|
| 19 | <note><para>The finger server is used as an example here.</para></note>
|
|---|
| 20 |
|
|---|
| 21 | <para>Similar changes must be made if xinetd is used, with the emphasis being
|
|---|
| 22 | on calling <command>/usr/sbin/tcpd</command> instead of calling the service
|
|---|
| 23 | daemon directly, and passing the name of the service daemon to tcpd.</para>
|
|---|
| 24 | </sect3>
|
|---|
| 25 |
|
|---|
| 26 | </sect2>
|
|---|
| 27 |
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
