Changeset d47e7ea9 for basicnet/netprogs/tcpwrappers.xml
- Timestamp:
- 06/12/2004 05:30:15 AM (20 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 3bba7e2
- Parents:
- 773c358
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
basicnet/netprogs/tcpwrappers.xml
r773c358 rd47e7ea9 1 <?xml version="1.0" encoding="ISO-8859-1"?> 2 <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" 3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ 4 <!ENTITY % general-entities SYSTEM "../../general.ent"> 5 %general-entities; 6 7 <!ENTITY tcpwrappers-download-http "http://files.ichilton.co.uk/nfs/tcp_wrappers_&tcpwrappers-version;.tar.gz"> 8 <!ENTITY tcpwrappers-download-ftp "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz"> 9 <!ENTITY tcpwrappers-size "100 KB"> 10 <!ENTITY tcpwrappers-buildsize "720 KB"> 11 <!ENTITY tcpwrappers-time "0.16 SBU"> 12 ]> 13 1 14 <sect1 id="tcpwrappers" xreflabel="tcpwrappers-&tcpwrappers-version;"> 2 15 <?dbhtml filename="tcpwrappers.html"?> 3 16 <title>tcpwrappers-&tcpwrappers-version;</title> 4 17 5 &tcpwrappers-intro; 6 &tcpwrappers-inst; 7 <!-- 8 &tcpwrappers-exp; 9 --> 10 &tcpwrappers-config; 11 &tcpwrappers-desc; 18 <sect2> 19 <title>Introduction to <application>tcpwrappers</application></title> 20 21 <para>The <application>tcpwrappers</application> package provides daemon 22 wrapper programs that report the name of the client requesting network services and the requested service.</para> 23 24 <sect3><title>Package information</title> 25 <itemizedlist spacing='compact'> 26 <listitem><para>Download (HTTP): <ulink 27 url="&tcpwrappers-download-http;"/></para></listitem> 28 <listitem><para>Download (FTP): <ulink 29 url="&tcpwrappers-download-ftp;"/></para></listitem> 30 <listitem><para>Download size: &tcpwrappers-size;</para></listitem> 31 <listitem><para>Estimated Disk space required: 32 &tcpwrappers-buildsize;</para></listitem> 33 <listitem><para>Estimated build time: 34 &tcpwrappers-time;</para></listitem></itemizedlist> 35 </sect3> 36 37 <sect3><title>Additional downloads</title> 38 <itemizedlist spacing='compact'> 39 <listitem><para>Required patch (Fixes some build issues and adds building of a shared library): 40 <ulink url="&patch-root;/tcp_wrappers-7.6-shared-lib-plus-plus.patch"/></para></listitem> 41 </itemizedlist> 42 </sect3> 43 44 </sect2> 45 46 <sect2> 47 <title>Installation of <application>tcpwrappers</application></title> 48 49 <para>Install <application>tcpwrappers</application> with the following 50 commands:</para> 51 52 <screen><userinput><command>patch -Np1 -i ../tcp_wrappers-7.6-shared-lib-plus-plus.patch && 53 make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux && 54 make install</command></userinput></screen> 55 56 </sect2> 57 58 <sect2> 59 <title>Configuring <application>tcpwrappers</application></title> 60 61 <sect3><title>Config files</title> 62 <para><filename>/etc/hosts.allow</filename>, 63 <filename>/etc/hosts.deny</filename></para> 64 65 <para>File protections: the wrapper, all files used by the wrapper, 66 and all directories in the path leading to those files, should be 67 accessible but not writable for unprivileged users (mode 755 or mode 68 555). Do not install the wrapper set-uid.</para> 69 70 <para>Then perform the following edits on the 71 <filename>/etc/inetd.conf</filename> configuration file:</para> 72 <screen><userinput>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen> 73 <para>becomes:</para> 74 <screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen> 75 76 <note><para>The finger server is used as an example here.</para></note> 77 78 <para>Similar changes must be made if xinetd is used, with the emphasis being 79 on calling <command>/usr/sbin/tcpd</command> instead of calling the service 80 daemon directly, and passing the name of the service daemon to tcpd.</para> 81 </sect3> 82 83 </sect2> 84 85 <sect2> 86 <title>Contents</title> 87 88 <para>The <application>tcpwrappers</application> package contains <command> 89 tcpd</command>, <command>tcpdchk</command>, <command>tcpdmatch</command>, 90 <command>try-from</command> and <command>safe_finger</command>.</para> 91 </sect2> 92 93 <sect2><title>Description</title> 94 95 <sect3><title>tcpd</title> 96 <para><command>tcpd</command> is the main access control daemon for all 97 Internet services, which <command>inetd</command> or 98 <command>xinetd</command> will run instead of running the 99 requested service daemon.</para></sect3> 100 101 <sect3><title>tcpdchk</title> 102 <para><command>tcpdchk</command> is a tool to examine a tcpd wrapper 103 configuration and report problems with it.</para></sect3> 104 105 <sect3><title>tcpdmatch</title> 106 <para><command>tcpdmatch</command> is used to predict how the tcp wrapper 107 would handle a specific request for a service.</para></sect3> 108 109 <sect3><title>try-from</title> 110 <para><command>try-from</command> can be called via a remote shell command to 111 find out if the host name and address are properly recognized.</para></sect3> 112 113 <sect3><title>safe_finger</title> 114 <para><command>safe_finger</command> is a wrapper for the <command>finger 115 </command> utility, to provide automatic reverse name lookups.</para></sect3> 116 117 </sect2> 12 118 13 119 </sect1>
Note:
See TracChangeset
for help on using the changeset viewer.