Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Tcp wrapper
Top Forums UNIX for Advanced & Expert Users Tcp wrapper Post 25631 by mslightn on Thursday 1st of August 2002 02:15:01 PM
Old 08-01-2002
There's no need to make an issue of this...

But for hassan2's sake, the following are excerps from the TCP Wrapper README file:

===========================================

1 - Introduction
----------------

With this package you can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services.

It supports both 4.3BSD-style sockets and System V.4-style TLI. Praise yourself lucky if you don't know what that means.

...

===========================================

This is also stated in the man pages (`man tcpd`)...

** Most importantly, I have tested this.

hassan2 - this works very well, so don't let anyone daunt your efforts on this. You're on the right track.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

wrapper for Common Tools

Hi All, I have bunch of different versions of generic tools (like gcc, gdb, ddd etc) and these tools are compiled for different platforms (linux, solaris...) I would like to mount all these tools into some common place (like /nfs/tools/bin) and have the wrapper to pull the latest version of the... (2 Replies)
Discussion started by: cantgetname
2 Replies

2. UNIX for Dummies Questions & Answers

What is a wrapper script

I tried searching the forum ,,but couldn't locate ..Can anyone give me a link or some information about wrapper script. (1 Reply)
Discussion started by: thana
1 Replies

3. UNIX for Dummies Questions & Answers

Writing a wrapper

Hi everyone, I have this custom sudo package over which I want to write a wrapper using PERL. The wrapper will do some pre-work and then call the regular sudo package from within itself. But I am facing a peculiar problem here. Once invoked, I am able to do the pre-work from within the... (1 Reply)
Discussion started by: garric
1 Replies

4. Shell Programming and Scripting

Help with a wrapper script not working

Hello, I have the below wrapper script: #!/usr/bin/perl -w if ($^O eq 'MSWin32' ) { $subnet = 'c:\path\to\subnet.txt'; } else { $subnet = '/opt/qip/wrapper-del-sub'; } open FH1, 'jj-deleted-subnets.txt' or die "Can't open 'jj-deleted-subnets.txt' ... (0 Replies)
Discussion started by: richsark
0 Replies

5. UNIX for Dummies Questions & Answers

SSH/SSL wrapper

My IRC client does not support SSL, so I was wondering if there was any other way to encrypt the information between SSL clients on an IRC network, maybe by using SSH to enter the IRC program or something (it's a command-line program) and passing all the plain-text through SSH first. I tried... (0 Replies)
Discussion started by: guitarscn
0 Replies

6. Shell Programming and Scripting

wrapper script in perl

Hi, I am in need of way to facilitate this senerio in a perl script. I have CLI ( command line interface) which I run like so: kip-tepltist -u Xxx -p Xxx Which produces tones of names from each template it found: 194Iselin-NJ 33-IDFLB-North-611-Woodward-8600 ... (5 Replies)
Discussion started by: richsark
5 Replies

7. Shell Programming and Scripting

Count script wrapper help

I have this a code that I got help with for another task. I since tried to modify it to work on this task. I need someones expertise to modify it slightly and I am not sure where to start or yet fully understand the logic. I am trying to get a script to read my m-names.txt which has lots... (19 Replies)
Discussion started by: richsark
19 Replies

8. UNIX for Dummies Questions & Answers

What is a wrapper?

Hi, I am a dummy and hear to the computation guys telling me, "Oh! that is easy, you just write a wrapper to do all that bunch of stuff!" :cool: Could someone tell me what is a wrapper? :rolleyes: The only one I know is Cling-Wrap for sandwiches. A small elegant example would be very... (1 Reply)
Discussion started by: genehunter
1 Replies

9. UNIX for Dummies Questions & Answers

Linux printer wrapper

Have an HP 1000 j110a on Slackware 13.0. Is there a wrapper I could use with or without CUPS to allow me to print to this device? I am aware of HPLIP and HPIJS both of which are included in 13.37 release I will be ordering but need something until it is delivered. (0 Replies)
Discussion started by: slak0
0 Replies

10. Solaris

Too much TCP retransmitted and TCP duplicate on server Oracle Solaris 10

I have problem with oracle solaris 10 running on oracle sparc T4-2 server. Os information: 5.10 Generic_150400-03 sun4v sparc sun4v Output from tcpstat.d script TCP bytes: out outRetrans in inDup inUnorder 6833763 7300 98884 0... (2 Replies)
Discussion started by: insatiable1610
2 Replies

LEARN ABOUT OPENSOLARIS

tcpd

TCPD(1M)																  TCPD(1M)

NAME

       tcpd - access control facility for internet services

DESCRIPTION

       The  tcpd  program can be set up to monitor incoming requests for telnet, finger, ftp, exec, rsh, rlogin, tftp, talk, comsat and other ser-
       vices that have a one-to-one mapping onto executable files.

       The program supports both 4.3BSD-style sockets and System V.4-style TLI.  Functionality may be limited when the protocol underneath TLI	is
       not an internet protocol.

       Operation  is  as follows: whenever a request for service arrives, the inetd daemon is tricked into running the tcpd program instead of the
       desired server. tcpd logs the request and does some additional checks. When all is well, tcpd runs the appropriate server program and  goes
       away.

       Optional  features are: pattern-based access control, client username lookups with the RFC 931 etc. protocol, protection against hosts that
       pretend to have someone elses host name, and protection against hosts that pretend to have someone elses network address.

LIBWRAP INTERFACE

       The same monitoring and access control functionality provided by the tcpd standalone program is also available through the  libwrap  shared
       library	interface.  Some  programs,  including	the Solaris inetd daemon, have been modified  to use the libwrap interface and thus do not
       require replacing the real server programs with tcpd. The libwrap interface is also more efficient and can be used for inetd internal  ser-
       vices. See inetd(1M) for more information.

LOGGING

       Connections that are monitored by tcpd are reported through the syslog(3) facility. Each record contains a time stamp, the client host name
       and the name of the requested service.  The information can be useful to detect unwanted activities, especially	when  logfile  information
       from several hosts is merged.

       In order to find out where your logs are going, examine the syslog configuration file, usually /etc/syslog.conf.

ACCESS CONTROL

       Optionally,  tcpd  supports  a simple form of access control that is based on pattern matching.	The access-control software provides hooks
       for the execution of shell commands when a pattern fires.  For details, see the hosts_access(4) manual page.

HOST NAME VERIFICATION

       The authentication scheme of some protocols (rlogin, rsh) relies on host names. Some implementations believe the host name  that  they  get
       from any random name server; other implementations are more careful but use a flawed algorithm.

       tcpd  verifies  the  client  host  name	that  is returned by the address->name DNS server by looking at the host name and address that are
       returned by the name->address DNS server.  If any discrepancy is detected, tcpd concludes that it is dealing with a host that  pretends	to
       have someone elses host name.

       If  the	sources are compiled with -DPARANOID, tcpd will drop the connection in case of a host name/address mismatch.  Otherwise, the host-
       name can be matched with the PARANOID wildcard, after which suitable action can be taken.

HOST ADDRESS SPOOFING

       Optionally, tcpd disables source-routing socket options on every connection that it deals with. This will take care of  most  attacks  from
       hosts that pretend to have an address that belongs to someone elses network. UDP services do not benefit from this protection. This feature
       must be turned on at compile time.

RFC 931
       When RFC 931 etc. lookups are enabled (compile-time option) tcpd will attempt to establish the name of the client user. This  will  succeed
       only  if  the  client host runs an RFC 931-compliant daemon.  Client user name lookups will not work for datagram-oriented connections, and
       may cause noticeable delays in the case of connections from PCs.

       Warning: If the local system runs an RFC 931 server it is important that it be configured NOT to use TCP Wrappers, or that TCP Wrappers	be
       configured  to  avoid  RFC 931-based access control for this service.  If you use usernames in the access control files, make sure that you
       have a hosts.allow entry that allows the RFC 931 service (often called "identd" or "auth") without any username	restrictions.  Failure	to
       heed this warning can result in two hosts getting in an endless loop of consulting each other's identd services.

EXAMPLES

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +--------------------+-----------------+
       |  ATTRIBUTE TYPE    | ATTRIBUTE VALUE |
       +--------------------+-----------------+
       |Availability	    | SUNWtcpd	      |
       +--------------------+-----------------+
       |Interface Stability | Committed       |
       +--------------------+-----------------+
NOTES

       Source for tcp_wrappers is available in the SUNWtcpdS package.

																	  TCPD(1M)
All times are GMT -4. The time now is 07:29 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy