Guys,
Note : I made this article more available for you.
/etc/hosts.allow and /etc/hosts.deny
File protections: the wrapper, all files used by the wrapper, and all directories in the path leading to those files, should be accessible but not writable for unprivileged users (mode 755 or mode 555). Do not install the wrapper set-uid.
As the root user, perform the following edits on the /etc/inetd.conf configuration file:
finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
becomes:
finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
[Note]
Note
The finger server is used as an example here.
Similar changes must be made if xinetd is used, with the emphasis being on calling /usr/sbin/tcpd instead of calling the service daemon directly, and passing the name of the service daemon to tcpd.
Contents :
Installed Programs: tcpd, tcpdchk, tcpdmatch, try-from, and safe_finger
Installed Library: libwrap.{so,a}
Installed Directories: None
Short Descriptions :
tcpd : is the main access control daemon for all Internet services, which inetd or xinetd will run instead of running the requested service daemon.
tcpdchk : is a tool to examine a tcpd wrapper configuration and report problems with it.
tcpdmatch : is used to predict how the TCP wrapper would handle a specific request for a service.
try-from : can be called via a remote shell command to find out if the host name and address are properly recognized.
safe_finger : is a wrapper for the finger utility, to provide automatic reverse name lookups.
libwrap.{so,a}
contains the API functions required by the TCP Wrapper programs as well as other programs to become “TCP Wrapper-aware”.
Try :)
Monday, 1 November 2010
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment