mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-02-07 01:27:16 +08:00
32 lines
1.0 KiB
XML
32 lines
1.0 KiB
XML
|
<sect2>
|
||
|
|
<title>Configuring tcpwrappers</title>
|
||
|
|
|
||
|
|
<sect3><title>Config files</title>
|
||
|
|
<para><userinput>/etc/hosts.allow, /etc/hosts.deny,
|
||
|
|
</userinput></para>
|
||
|
|
|
||
|
|
<para>File protections: the wrapper, all files used by the wrapper,
|
||
|
|
and all directories in the path leading to those files, should be
|
||
|
|
accessible but not writable for unprivileged users (mode 755 or mode
|
||
|
|
555). Do not install the wrapper set-uid.</para>
|
||
|
|
|
||
|
|
<para>
|
||
|
|
Then perform the following edits on the
|
||
|
|
<filename>/etc/inetd.conf</filename> configuration file :
|
||
|
|
<screen><userinput>
|
||
|
|
finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
|
||
|
|
</userinput></screen>
|
||
|
|
becomes:
|
||
|
|
<screen><userinput>
|
||
|
|
finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
|
||
|
|
</userinput></screen></para>
|
||
|
|
<note><para>The finger server is used as an example here.</para></note>
|
||
|
|
<para>Similar changes must be made if xinted is used, with the
|
||
|
|
emphasis being on calling /usr/sbin/tcpd instead of calling the
|
||
|
|
service daemon directly, and passing the name of the service daemon to
|
||
|
|
tcpd.</para>
|
||
|
|
</sect3>
|
||
|
|
|
||
|
|
</sect2>
|
||
|
|
|