source: basicnet/netprogs/tcpwrappers/tcpwrappers-config.xml@ e80cc95

10.0 10.1 11.0 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 ken/refactor-virt krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk v1_0 v5_0 v5_0-pre1 v5_1 v5_1-pre1 xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since e80cc95 was e80cc95, checked in by Larry Lawrence <larry@…>, 19 years ago

config files edit

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@865 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 1.0 KB
Line 
1<sect2>
2<title>Configuring tcpwrappers</title>
3
4<sect3><title>Config files</title>
5<para><filename>/etc/hosts.allow</filename>,
6<filename>/etc/hosts.deny</filename></para>
7
8<para>File protections: the wrapper, all files used by the wrapper,
9and all directories in the path leading to those files, should be
10accessible but not writable for unprivileged users (mode 755 or mode
11555). Do not install the wrapper set-uid.</para>
12
13<para>
14Then perform the following edits on the
15<filename>/etc/inetd.conf</filename> configuration file :
16<screen><userinput>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen>
17becomes:
18<screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen></para>
19<note><para>The finger server is used as an example here.</para></note>
20<para>Similar changes must be made if xinetd is used, with the
21emphasis being on calling /usr/sbin/tcpd instead of calling the
22service daemon directly, and passing the name of the service daemon to
23tcpd.</para>
24</sect3>
25
26</sect2>
27
Note: See TracBrowser for help on using the repository browser.