Context Navigation

-              r11a05ad
+              r0d1d489
   <!ENTITY tcpwrappers-download-http "http://files.ichilton.co.uk/nfs/tcp_wrappers_&tcpwrappers-version;.tar.gz">
   <!ENTITY tcpwrappers-download-ftp  "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_&tcpwrappers-version;.tar.gz">
   <!ENTITY tcpwrappers-md5           "e6fa25f71226d090f34de3f6b122fb5a">
+  <!ENTITY tcpwrappers-md5sum        "e6fa25f71226d090f34de3f6b122fb5a">
   <!ENTITY tcpwrappers-size          "97 KB">
   <!ENTITY tcpwrappers-buildsize     "1.09 MB">
 …
 <sect1 id="tcpwrappers" xreflabel="tcpwrappers-&tcpwrappers-version;">
+<sect1info>
+<othername>$LastChangedBy$</othername>
+<date>$Date$</date>
+</sect1info>
+<?dbhtml filename="tcpwrappers.html"?>
+<title>tcpwrappers-&tcpwrappers-version;</title>
+<indexterm zone="tcpwrappers">
+<primary sortas="a-Tcpwrappers">Tcpwrappers</primary></indexterm>
+<sect2>
+<title>Introduction to <application>tcpwrappers</application></title>
+<para>The <application>tcpwrappers</application> package provides daemon
+wrapper programs that report the name of the client requesting network
+services and the requested service.</para>
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP): <ulink
+url="&tcpwrappers-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): <ulink
+url="&tcpwrappers-download-ftp;"/></para></listitem>
+<listitem><para>Download MD5 Sum: &tcpwrappers-md5;</para></listitem>
+<listitem><para>Download size: &tcpwrappers-size;</para></listitem>
+<listitem><para>Estimated disk space required:
+&tcpwrappers-buildsize;</para></listitem>
+<listitem><para>Estimated build time:
+&tcpwrappers-time;</para></listitem></itemizedlist>
+</sect3>
+<sect3><title>Additional downloads</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Required Patch (Fixes some build issues and adds building of a
+shared library): <ulink
+url="&patch-root;/tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch"/>
+</para></listitem>
+</itemizedlist>
+</sect3>
+</sect2>
+<sect2>
+<title>Installation of <application>tcpwrappers</application></title>
+<para>Install <application>tcpwrappers</application> with the following
+commands:</para>
+<screen><userinput><command>patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch &amp;&amp;
+  <?dbhtml filename="tcpwrappers.html"?>
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+  <title>Tcpwrappers-&tcpwrappers-version;</title>
+  <indexterm zone="tcpwrappers">
+   <primary sortas="a-Tcpwrappers">Tcpwrappers</primary>
+  </indexterm>
+  <sect2 role="package">
+    <title>Introduction to Tcpwrappers</title>
+      <para>The <application>tcpwrappers</application> package provides daemon
+      wrapper programs that report the name of the client requesting network
+      services and the requested service.</para>
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Download (HTTP): <ulink url="&tcpwrappers-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&tcpwrappers-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &tcpwrappers-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &tcpwrappers-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &tcpwrappers-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &tcpwrappers-time;</para></listitem>
+    </itemizedlist>
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing='compact'>
+      <listitem>
+        <para>Required Patch (Fixes some build issues and adds building of a
+        shared library): <ulink
+        url="&patch-root;/tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch"/></para>
+      </listitem>
+    </itemizedlist>
+  </sect2>
+  <sect2 role="installation">
+    <title>Installation of Tcpwrappers</title>
+    <para>Install <application>tcpwrappers</application> with the following
+    commands:</para>
+<screen><userinput>patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch &amp;&amp;
 sed -i -e "s,^extern char \*malloc();,/* &amp; */," scaffold.c &amp;&amp;
+make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux</command></userinput></screen>
+<para>Now, as the root user:</para>
+<screen><userinput role='root'><command>make install</command></userinput></screen>
+</sect2>
+<sect2>
+<title>Command explanations</title>
+<para><command>sed -i -e ... scaffold.c</command>: This command removes an
+obsolete C declaration which causes the build to fail if using
+<application><acronym>GCC</acronym>-3.4.x</application>.</para>
+</sect2>
+<sect2>
+<title>Configuring <application>tcpwrappers</application></title>
+<sect3 id="tcpwrappers-config"><title>Config files</title>
+<para><filename>/etc/hosts.allow</filename> and
+<filename>/etc/hosts.deny</filename></para>
+<indexterm zone="tcpwrappers tcpwrappers-config">
+<primary sortas="e-etc-hosts.allow">/etc/hosts.allow</primary></indexterm>
+<indexterm zone="tcpwrappers tcpwrappers-config">
+<primary sortas="e-etc-hosts.deny">/etc/hosts.deny</primary></indexterm>
+<para>File protections: the wrapper, all files used by the wrapper,
+and all directories in the path leading to those files, should be
+accessible but not writable for unprivileged users (mode 755 or mode
+). Do not install the wrapper set-uid.</para>
+<para>As the root user, perform the following edits on the
+<filename>/etc/inetd.conf</filename> configuration file:</para>
+<indexterm zone="tcpwrappers tcpwrappers-config">
+<primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary></indexterm>
+<screen><userinput role='root'>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen>
+<para>becomes:</para>
+<screen><userinput role='root'>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen>
+<note><para>The finger server is used as an example here.</para></note>
+<para>Similar changes must be made if <application>xinetd</application> is
+used, with the emphasis being on calling <command>/usr/sbin/tcpd</command>
+instead of calling the service daemon directly, and passing the name of the
+service daemon to <command>tcpd</command>.</para>
+<indexterm zone="tcpwrappers tcpwrappers-config">
+<primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary></indexterm>
+</sect3>
+</sect2>
+<sect2>
+<title>Contents</title>
+<segmentedlist>
+<segtitle>Installed Programs</segtitle>
+<segtitle>Installed Library</segtitle>
+<segtitle>Installed Directories</segtitle>
+<seglistitem>
+<seg>tcpd, tcpdchk, tcpdmatch, try-from and safe_finger</seg>
+<seg>libwrap.[so,a]</seg>
+<seg>None</seg>
+</seglistitem>
+</segmentedlist>
+<variablelist>
+<bridgehead renderas="sect3">Short Descriptions</bridgehead>
+<?dbfo list-presentation="list"?>
+<varlistentry id="tcpd">
+<term><command>tcpd</command></term>
+<listitem><para>is the main access control daemon for all Internet services,
+which <command>inetd</command> or <command>xinetd</command> will run instead
+of running the requested service daemon.</para>
+<indexterm zone="tcpwrappers tcpd">
+<primary sortas="b-tcpd">tcpd</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="tcpdchk">
+<term><command>tcpdchk</command></term>
+<listitem><para>is a tool to examine a <command>tcpd</command> wrapper
+configuration and report problems with it.</para>
+<indexterm zone="tcpwrappers tcpdchk">
+<primary sortas="b-tcpdchk">tcpdchk</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="tcpdmatch">
+<term><command>tcpdmatch</command></term>
+<listitem><para>is used to predict how the <acronym>TCP</acronym> wrapper
+would handle a specific request for a service.</para>
+<indexterm zone="tcpwrappers tcpdmatch">
+<primary sortas="b-tcpdmatch">tcpdmatch</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="try-from">
+<term><command>try-from</command></term>
+<listitem><para>can be called via a remote shell command to find out if the
+host name and address are properly recognized.</para>
+<indexterm zone="tcpwrappers try-from">
+<primary sortas="b-try-from">try-from</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="safe_finger">
+<term><command>safe_finger</command></term>
+<listitem><para>is a wrapper for the <command>finger</command> utility, to
+provide automatic reverse name lookups.</para>
+<indexterm zone="tcpwrappers safe_finger">
+<primary sortas="b-safe_finger">safe_finger</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="libwrap">
+<term><filename class='libraryfile'>libwrap.[so,a]</filename></term>
+<listitem><para>contains the <acronym>API</acronym> functions required by
+the <application>tcpwrappers</application> programs as well as other programs
+to become <quote><application>tcpwrappers</application>-aware</quote>.</para>
+<indexterm zone="tcpwrappers libwrap">
+<primary sortas="c-libwrap">libwrap.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+</variablelist>
+</sect2>
+make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux</userinput></screen>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+<screen role="root"><userinput>make install</userinput></screen>
+  </sect2>
+  <sect2 role="commands">
+    <title>Command Explanations</title>
+    <para><command>sed -i -e ... scaffold.c</command>: This command removes an
+    obsolete C declaration which causes the build to fail if using
+    <application>GCC-3.4.x</application>.</para>
+  </sect2>
+  <sect2 role="configuration">
+    <title>Configuring Tcpwrappers</title>
+    <sect3 id="tcpwrappers-config">
+      <title>Config Files</title>
+      <para><filename>/etc/hosts.allow</filename> and
+      <filename>/etc/hosts.deny</filename></para>
+      <indexterm zone="tcpwrappers tcpwrappers-config">
+        <primary sortas="e-etc-hosts.allow">/etc/hosts.allow</primary>
+      </indexterm>
+      <indexterm zone="tcpwrappers tcpwrappers-config">
+        <primary sortas="e-etc-hosts.deny">/etc/hosts.deny</primary>
+      </indexterm>
+      <para>File protections: the wrapper, all files used by the wrapper,
+      and all directories in the path leading to those files, should be
+      accessible but not writable for unprivileged users (mode 755 or mode
+). Do not install the wrapper set-uid.</para>
+      <para>As the <systemitem class="username">root</systemitem> user,
+      perform the following edits on the
+      <filename>/etc/inetd.conf</filename> configuration file:</para>
+      <indexterm zone="tcpwrappers tcpwrappers-config">
+        <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
+      </indexterm>
+<screen><literal>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</literal></screen>
+      <para>becomes:</para>
+<screen><literal>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</literal></screen>
+      <note>
+        <para>The <command>finger</command> server is used as an example here.</para>
+      </note>
+      <para>Similar changes must be made if <application>xinetd</application> is
+      used, with the emphasis being on calling <command>/usr/sbin/tcpd</command>
+      instead of calling the service daemon directly, and passing the name of the
+      service daemon to <command>tcpd</command>.</para>
+      <indexterm zone="tcpwrappers tcpwrappers-config">
+        <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
+      </indexterm>
+    </sect3>
+  </sect2>
+  <sect2 role="content">
+    <title>Contents</title>
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Library</segtitle>
+      <segtitle>Installed Directories</segtitle>
+      <seglistitem>
+        <seg>tcpd, tcpdchk, tcpdmatch, try-from, and safe_finger</seg>
+        <seg>libwrap.[so,a]</seg>
+        <seg>None</seg>
+      </seglistitem>
+    </segmentedlist>
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+      <varlistentry id="tcpd">
+        <term><command>tcpd</command></term>
+        <listitem>
+          <para>is the main access control daemon for all Internet services,
+          which <command>inetd</command> or <command>xinetd</command>
+          will run instead of running the requested service daemon.</para>
+          <indexterm zone="tcpwrappers tcpd">
+            <primary sortas="b-tcpd">tcpd</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="tcpdchk">
+        <term><command>tcpdchk</command></term>
+        <listitem>
+          <para>is a tool to examine a <command>tcpd</command> wrapper
+          configuration and report problems with it.</para>
+          <indexterm zone="tcpwrappers tcpdchk">
+            <primary sortas="b-tcpdchk">tcpdchk</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="tcpdmatch">
+        <term><command>tcpdmatch</command></term>
+        <listitem>
+          <para>is used to predict how the TCP wrapper
+          would handle a specific request for a service.</para>
+          <indexterm zone="tcpwrappers tcpdmatch">
+            <primary sortas="b-tcpdmatch">tcpdmatch</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="try-from">
+        <term><command>try-from</command></term>
+        <listitem>
+          <para>can be called via a remote shell command to find out if the
+          host name and address are properly recognized.</para>
+          <indexterm zone="tcpwrappers try-from">
+            <primary sortas="b-try-from">try-from</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="safe_finger">
+        <term><command>safe_finger</command></term>
+        <listitem>
+          <para>is a wrapper for the <command>finger</command> utility, to
+          provide automatic reverse name lookups.</para>
+          <indexterm zone="tcpwrappers safe_finger">
+            <primary sortas="b-safe_finger">safe_finger</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="libwrap">
+        <term><filename class='libraryfile'>libwrap.[so,a]</filename></term>
+        <listitem>
+          <para>contains the API functions required by
+          the <application>tcpwrappers</application> programs as well as other programs
+          to become <quote><application>tcpwrappers</application>-aware</quote>.</para>
+          <indexterm zone="tcpwrappers libwrap">
+            <primary sortas="c-libwrap">libwrap.[so,a]</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </sect2>
 </sect1>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 0d1d489 for basicnet

Legend:

basicnet/netprogs/tcpwrappers.xml

Download in other formats: