- Timestamp:
- 04/30/2005 02:15:58 PM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- db0eb6a
- Parents:
- 11a05ad
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
basicnet/netprogs/tcpwrappers.xml
r11a05ad r0d1d489 7 7 <!ENTITY tcpwrappers-download-http "http://files.ichilton.co.uk/nfs/tcp_wrappers_&tcpwrappers-version;.tar.gz"> 8 8 <!ENTITY tcpwrappers-download-ftp "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_&tcpwrappers-version;.tar.gz"> 9 <!ENTITY tcpwrappers-md5 9 <!ENTITY tcpwrappers-md5sum "e6fa25f71226d090f34de3f6b122fb5a"> 10 10 <!ENTITY tcpwrappers-size "97 KB"> 11 11 <!ENTITY tcpwrappers-buildsize "1.09 MB"> … … 14 14 15 15 <sect1 id="tcpwrappers" xreflabel="tcpwrappers-&tcpwrappers-version;"> 16 <sect1info> 17 <othername>$LastChangedBy$</othername> 18 <date>$Date$</date> 19 </sect1info> 20 <?dbhtml filename="tcpwrappers.html"?> 21 <title>tcpwrappers-&tcpwrappers-version;</title> 22 <indexterm zone="tcpwrappers"> 23 <primary sortas="a-Tcpwrappers">Tcpwrappers</primary></indexterm> 24 25 <sect2> 26 <title>Introduction to <application>tcpwrappers</application></title> 27 28 <para>The <application>tcpwrappers</application> package provides daemon 29 wrapper programs that report the name of the client requesting network 30 services and the requested service.</para> 31 32 <sect3><title>Package information</title> 33 <itemizedlist spacing='compact'> 34 <listitem><para>Download (HTTP): <ulink 35 url="&tcpwrappers-download-http;"/></para></listitem> 36 <listitem><para>Download (FTP): <ulink 37 url="&tcpwrappers-download-ftp;"/></para></listitem> 38 <listitem><para>Download MD5 Sum: &tcpwrappers-md5;</para></listitem> 39 <listitem><para>Download size: &tcpwrappers-size;</para></listitem> 40 <listitem><para>Estimated disk space required: 41 &tcpwrappers-buildsize;</para></listitem> 42 <listitem><para>Estimated build time: 43 &tcpwrappers-time;</para></listitem></itemizedlist> 44 </sect3> 45 46 <sect3><title>Additional downloads</title> 47 <itemizedlist spacing='compact'> 48 <listitem><para>Required Patch (Fixes some build issues and adds building of a 49 shared library): <ulink 50 url="&patch-root;/tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch"/> 51 </para></listitem> 52 </itemizedlist> 53 </sect3> 54 55 </sect2> 56 57 <sect2> 58 <title>Installation of <application>tcpwrappers</application></title> 59 60 <para>Install <application>tcpwrappers</application> with the following 61 commands:</para> 62 63 <screen><userinput><command>patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch && 16 <?dbhtml filename="tcpwrappers.html"?> 17 18 <sect1info> 19 <othername>$LastChangedBy$</othername> 20 <date>$Date$</date> 21 </sect1info> 22 23 <title>Tcpwrappers-&tcpwrappers-version;</title> 24 25 <indexterm zone="tcpwrappers"> 26 <primary sortas="a-Tcpwrappers">Tcpwrappers</primary> 27 </indexterm> 28 29 <sect2 role="package"> 30 <title>Introduction to Tcpwrappers</title> 31 32 <para>The <application>tcpwrappers</application> package provides daemon 33 wrapper programs that report the name of the client requesting network 34 services and the requested service.</para> 35 36 <bridgehead renderas="sect3">Package Information</bridgehead> 37 <itemizedlist spacing="compact"> 38 <listitem> 39 <para>Download (HTTP): <ulink url="&tcpwrappers-download-http;"/></para> 40 </listitem> 41 <listitem> 42 <para>Download (FTP): <ulink url="&tcpwrappers-download-ftp;"/></para> 43 </listitem> 44 <listitem> 45 <para>Download MD5 sum: &tcpwrappers-md5sum;</para> 46 </listitem> 47 <listitem> 48 <para>Download size: &tcpwrappers-size;</para> 49 </listitem> 50 <listitem> 51 <para>Estimated disk space required: &tcpwrappers-buildsize;</para> 52 </listitem> 53 <listitem> 54 <para>Estimated build time: &tcpwrappers-time;</para></listitem> 55 </itemizedlist> 56 57 <bridgehead renderas="sect3">Additional Downloads</bridgehead> 58 <itemizedlist spacing='compact'> 59 <listitem> 60 <para>Required Patch (Fixes some build issues and adds building of a 61 shared library): <ulink 62 url="&patch-root;/tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch"/></para> 63 </listitem> 64 </itemizedlist> 65 66 </sect2> 67 68 <sect2 role="installation"> 69 <title>Installation of Tcpwrappers</title> 70 71 <para>Install <application>tcpwrappers</application> with the following 72 commands:</para> 73 74 <screen><userinput>patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch && 64 75 sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c && 65 make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux</command></userinput></screen> 66 67 <para>Now, as the root user:</para> 68 69 <screen><userinput role='root'><command>make install</command></userinput></screen> 70 71 </sect2> 72 73 <sect2> 74 <title>Command explanations</title> 75 76 <para><command>sed -i -e ... scaffold.c</command>: This command removes an 77 obsolete C declaration which causes the build to fail if using 78 <application><acronym>GCC</acronym>-3.4.x</application>.</para> 79 80 </sect2> 81 82 <sect2> 83 <title>Configuring <application>tcpwrappers</application></title> 84 85 <sect3 id="tcpwrappers-config"><title>Config files</title> 86 <para><filename>/etc/hosts.allow</filename> and 87 <filename>/etc/hosts.deny</filename></para> 88 <indexterm zone="tcpwrappers tcpwrappers-config"> 89 <primary sortas="e-etc-hosts.allow">/etc/hosts.allow</primary></indexterm> 90 <indexterm zone="tcpwrappers tcpwrappers-config"> 91 <primary sortas="e-etc-hosts.deny">/etc/hosts.deny</primary></indexterm> 92 93 <para>File protections: the wrapper, all files used by the wrapper, 94 and all directories in the path leading to those files, should be 95 accessible but not writable for unprivileged users (mode 755 or mode 96 555). Do not install the wrapper set-uid.</para> 97 98 <para>As the root user, perform the following edits on the 99 <filename>/etc/inetd.conf</filename> configuration file:</para> 100 <indexterm zone="tcpwrappers tcpwrappers-config"> 101 <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary></indexterm> 102 103 <screen><userinput role='root'>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen> 104 <para>becomes:</para> 105 <screen><userinput role='root'>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen> 106 107 <note><para>The finger server is used as an example here.</para></note> 108 109 <para>Similar changes must be made if <application>xinetd</application> is 110 used, with the emphasis being on calling <command>/usr/sbin/tcpd</command> 111 instead of calling the service daemon directly, and passing the name of the 112 service daemon to <command>tcpd</command>.</para> 113 <indexterm zone="tcpwrappers tcpwrappers-config"> 114 <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary></indexterm> 115 </sect3> 116 117 </sect2> 118 119 <sect2> 120 <title>Contents</title> 121 122 <segmentedlist> 123 <segtitle>Installed Programs</segtitle> 124 <segtitle>Installed Library</segtitle> 125 <segtitle>Installed Directories</segtitle> 126 127 <seglistitem> 128 <seg>tcpd, tcpdchk, tcpdmatch, try-from and safe_finger</seg> 129 <seg>libwrap.[so,a]</seg> 130 <seg>None</seg> 131 </seglistitem> 132 </segmentedlist> 133 134 <variablelist> 135 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 136 <?dbfo list-presentation="list"?> 137 138 <varlistentry id="tcpd"> 139 <term><command>tcpd</command></term> 140 <listitem><para>is the main access control daemon for all Internet services, 141 which <command>inetd</command> or <command>xinetd</command> will run instead 142 of running the requested service daemon.</para> 143 <indexterm zone="tcpwrappers tcpd"> 144 <primary sortas="b-tcpd">tcpd</primary> 145 </indexterm></listitem> 146 </varlistentry> 147 148 <varlistentry id="tcpdchk"> 149 <term><command>tcpdchk</command></term> 150 <listitem><para>is a tool to examine a <command>tcpd</command> wrapper 151 configuration and report problems with it.</para> 152 <indexterm zone="tcpwrappers tcpdchk"> 153 <primary sortas="b-tcpdchk">tcpdchk</primary> 154 </indexterm></listitem> 155 </varlistentry> 156 157 <varlistentry id="tcpdmatch"> 158 <term><command>tcpdmatch</command></term> 159 <listitem><para>is used to predict how the <acronym>TCP</acronym> wrapper 160 would handle a specific request for a service.</para> 161 <indexterm zone="tcpwrappers tcpdmatch"> 162 <primary sortas="b-tcpdmatch">tcpdmatch</primary> 163 </indexterm></listitem> 164 </varlistentry> 165 166 <varlistentry id="try-from"> 167 <term><command>try-from</command></term> 168 <listitem><para>can be called via a remote shell command to find out if the 169 host name and address are properly recognized.</para> 170 <indexterm zone="tcpwrappers try-from"> 171 <primary sortas="b-try-from">try-from</primary> 172 </indexterm></listitem> 173 </varlistentry> 174 175 <varlistentry id="safe_finger"> 176 <term><command>safe_finger</command></term> 177 <listitem><para>is a wrapper for the <command>finger</command> utility, to 178 provide automatic reverse name lookups.</para> 179 <indexterm zone="tcpwrappers safe_finger"> 180 <primary sortas="b-safe_finger">safe_finger</primary> 181 </indexterm></listitem> 182 </varlistentry> 183 184 <varlistentry id="libwrap"> 185 <term><filename class='libraryfile'>libwrap.[so,a]</filename></term> 186 <listitem><para>contains the <acronym>API</acronym> functions required by 187 the <application>tcpwrappers</application> programs as well as other programs 188 to become <quote><application>tcpwrappers</application>-aware</quote>.</para> 189 <indexterm zone="tcpwrappers libwrap"> 190 <primary sortas="c-libwrap">libwrap.[so,a]</primary> 191 </indexterm></listitem> 192 </varlistentry> 193 </variablelist> 194 195 </sect2> 76 make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux</userinput></screen> 77 78 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 79 80 <screen role="root"><userinput>make install</userinput></screen> 81 82 </sect2> 83 84 <sect2 role="commands"> 85 <title>Command Explanations</title> 86 87 <para><command>sed -i -e ... scaffold.c</command>: This command removes an 88 obsolete C declaration which causes the build to fail if using 89 <application>GCC-3.4.x</application>.</para> 90 91 </sect2> 92 93 <sect2 role="configuration"> 94 <title>Configuring Tcpwrappers</title> 95 96 <sect3 id="tcpwrappers-config"> 97 <title>Config Files</title> 98 99 <para><filename>/etc/hosts.allow</filename> and 100 <filename>/etc/hosts.deny</filename></para> 101 102 <indexterm zone="tcpwrappers tcpwrappers-config"> 103 <primary sortas="e-etc-hosts.allow">/etc/hosts.allow</primary> 104 </indexterm> 105 106 <indexterm zone="tcpwrappers tcpwrappers-config"> 107 <primary sortas="e-etc-hosts.deny">/etc/hosts.deny</primary> 108 </indexterm> 109 110 <para>File protections: the wrapper, all files used by the wrapper, 111 and all directories in the path leading to those files, should be 112 accessible but not writable for unprivileged users (mode 755 or mode 113 555). Do not install the wrapper set-uid.</para> 114 115 <para>As the <systemitem class="username">root</systemitem> user, 116 perform the following edits on the 117 <filename>/etc/inetd.conf</filename> configuration file:</para> 118 119 <indexterm zone="tcpwrappers tcpwrappers-config"> 120 <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> 121 </indexterm> 122 123 <screen><literal>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</literal></screen> 124 125 <para>becomes:</para> 126 127 <screen><literal>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</literal></screen> 128 129 <note> 130 <para>The <command>finger</command> server is used as an example here.</para> 131 </note> 132 133 <para>Similar changes must be made if <application>xinetd</application> is 134 used, with the emphasis being on calling <command>/usr/sbin/tcpd</command> 135 instead of calling the service daemon directly, and passing the name of the 136 service daemon to <command>tcpd</command>.</para> 137 138 <indexterm zone="tcpwrappers tcpwrappers-config"> 139 <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary> 140 </indexterm> 141 142 </sect3> 143 144 </sect2> 145 146 <sect2 role="content"> 147 <title>Contents</title> 148 149 <segmentedlist> 150 <segtitle>Installed Programs</segtitle> 151 <segtitle>Installed Library</segtitle> 152 <segtitle>Installed Directories</segtitle> 153 154 <seglistitem> 155 <seg>tcpd, tcpdchk, tcpdmatch, try-from, and safe_finger</seg> 156 <seg>libwrap.[so,a]</seg> 157 <seg>None</seg> 158 </seglistitem> 159 </segmentedlist> 160 161 <variablelist> 162 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 163 <?dbfo list-presentation="list"?> 164 <?dbhtml list-presentation="table"?> 165 166 <varlistentry id="tcpd"> 167 <term><command>tcpd</command></term> 168 <listitem> 169 <para>is the main access control daemon for all Internet services, 170 which <command>inetd</command> or <command>xinetd</command> 171 will run instead of running the requested service daemon.</para> 172 <indexterm zone="tcpwrappers tcpd"> 173 <primary sortas="b-tcpd">tcpd</primary> 174 </indexterm> 175 </listitem> 176 </varlistentry> 177 178 <varlistentry id="tcpdchk"> 179 <term><command>tcpdchk</command></term> 180 <listitem> 181 <para>is a tool to examine a <command>tcpd</command> wrapper 182 configuration and report problems with it.</para> 183 <indexterm zone="tcpwrappers tcpdchk"> 184 <primary sortas="b-tcpdchk">tcpdchk</primary> 185 </indexterm> 186 </listitem> 187 </varlistentry> 188 189 <varlistentry id="tcpdmatch"> 190 <term><command>tcpdmatch</command></term> 191 <listitem> 192 <para>is used to predict how the TCP wrapper 193 would handle a specific request for a service.</para> 194 <indexterm zone="tcpwrappers tcpdmatch"> 195 <primary sortas="b-tcpdmatch">tcpdmatch</primary> 196 </indexterm> 197 </listitem> 198 </varlistentry> 199 200 <varlistentry id="try-from"> 201 <term><command>try-from</command></term> 202 <listitem> 203 <para>can be called via a remote shell command to find out if the 204 host name and address are properly recognized.</para> 205 <indexterm zone="tcpwrappers try-from"> 206 <primary sortas="b-try-from">try-from</primary> 207 </indexterm> 208 </listitem> 209 </varlistentry> 210 211 <varlistentry id="safe_finger"> 212 <term><command>safe_finger</command></term> 213 <listitem> 214 <para>is a wrapper for the <command>finger</command> utility, to 215 provide automatic reverse name lookups.</para> 216 <indexterm zone="tcpwrappers safe_finger"> 217 <primary sortas="b-safe_finger">safe_finger</primary> 218 </indexterm> 219 </listitem> 220 </varlistentry> 221 222 <varlistentry id="libwrap"> 223 <term><filename class='libraryfile'>libwrap.[so,a]</filename></term> 224 <listitem> 225 <para>contains the API functions required by 226 the <application>tcpwrappers</application> programs as well as other programs 227 to become <quote><application>tcpwrappers</application>-aware</quote>.</para> 228 <indexterm zone="tcpwrappers libwrap"> 229 <primary sortas="c-libwrap">libwrap.[so,a]</primary> 230 </indexterm> 231 </listitem> 232 </varlistentry> 233 234 </variablelist> 235 236 </sect2> 196 237 197 238 </sect1>
Note:
See TracChangeset
for help on using the changeset viewer.