linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-01-23 22:42:14 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
05d5b11202
glfs/archive/tcpwrappers.xml
Pierre Labastie 3f2db3a638 Remove sect1info tags 
They only contain a date tag that is nowhere used.
2022-11-29 08:58:07 +01:00

245 lines
8.6 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY tcpwrappers-download-http " ">
<!ENTITY tcpwrappers-download-ftp "ftp://ftp.porcupine.org/pub/security/tcp_wrappers_&tcpwrappers-version;.tar.gz">
<!ENTITY tcpwrappers-md5sum "e6fa25f71226d090f34de3f6b122fb5a">
<!ENTITY tcpwrappers-size "97 KB">
<!ENTITY tcpwrappers-buildsize "1.09 MB">
<!ENTITY tcpwrappers-time "less than 0.1 SBU">
]>
<sect1 id="tcpwrappers" xreflabel="TCP Wrappers-&tcpwrappers-version;">
<?dbhtml filename="tcpwrappers.html"?>
<title>TCP Wrappers-&tcpwrappers-version;</title>
<indexterm zone="tcpwrappers">
<primary sortas="a-TCP Wrapper">TCP Wrapper</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to TCP Wrappers</title>
<para>The <application>TCP Wrapper</application> package provides daemon
wrapper programs that report the name of the client requesting network
services and the requested service. This capability is obsolete in
a modern environment, but several applications still use the library
and associated configuration files.</para>
&lfs70_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>Download (HTTP): <ulink url="&tcpwrappers-download-http;"/></para>
</listitem>
<listitem>
<para>Download (FTP): <ulink url="&tcpwrappers-download-ftp;"/></para>
</listitem>
<listitem>
<para>Download MD5 sum: &tcpwrappers-md5sum;</para>
</listitem>
<listitem>
<para>Download size: &tcpwrappers-size;</para>
</listitem>
<listitem>
<para>Estimated disk space required: &tcpwrappers-buildsize;</para>
</listitem>
<listitem>
<para>Estimated build time: &tcpwrappers-time;</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing='compact'>
<listitem>
<para>Required Patch (Fixes some build issues and adds building a
shared library): <ulink
url="&patch-root;/tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch"/></para>
</listitem>
</itemizedlist>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/tcpwrappers"/></para>
</sect2>
<sect2 role="installation">
<title>Installation of TCP Wrappers</title>
<para>Install <application>TCP Wrapper</application> with the following
commands:</para>
<screen><userinput>patch -Np1 -i ../tcp_wrappers-&tcpwrappers-version;-shared_lib_plus_plus-1.patch &amp;&amp;
sed -i -e "s,^extern char \*malloc();,/* &amp; */," scaffold.c &amp;&amp;
make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux</userinput></screen>
<para>This package does not come with a test suite.</para>
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
<screen role="root"><userinput>make install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para><command>sed -i -e ... scaffold.c</command>: This command removes an
obsolete C declaration which causes the build to fail if using
<application>GCC &gt;= 3.4.x</application>.</para>
</sect2>
<sect2 role="configuration">
<title>Configuring TCP Wrappers</title>
<sect3 id="tcpwrappers-config">
<title>Config Files</title>
<para><filename>/etc/hosts.allow</filename> and
<filename>/etc/hosts.deny</filename></para>
<indexterm zone="tcpwrappers tcpwrappers-config">
<primary sortas="e-etc-hosts.allow">/etc/hosts.allow</primary>
</indexterm>
<indexterm zone="tcpwrappers tcpwrappers-config">
<primary sortas="e-etc-hosts.deny">/etc/hosts.deny</primary>
</indexterm>
<!--
<para>File protections: the wrapper, all files used by the wrapper,
and all directories in the path leading to those files, should be
accessible but not writable for unprivileged users (mode 755 or mode
555). Do not install the wrapper set-uid.</para>
<para>As the <systemitem class="username">root</systemitem> user,
perform the following edits on the
<filename>/etc/inetd.conf</filename> configuration file:</para>
<indexterm zone="tcpwrappers tcpwrappers-config">
<primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
</indexterm>
<screen><literal>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</literal></screen>
<para>becomes:</para>
<screen><literal>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</literal></screen>
<note>
<para>The <command>finger</command> server is used as an example here.</para>
</note>
<para>Similar changes must be made if <application>xinetd</application> is
used, with the emphasis being on calling <command>/usr/sbin/tcpd</command>
instead of calling the service daemon directly, and passing the name of the
service daemon to <command>tcpd</command>.</para>
<indexterm zone="tcpwrappers tcpwrappers-config">
<primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
</indexterm>
-->
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Library</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>tcpd, tcpdchk, tcpdmatch, try-from, and safe_finger</seg>
<seg>libwrap.{so,a}</seg>
<seg>None</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="tcpd">
<term><command>tcpd</command></term>
<listitem>
<para>is the main access control daemon for all Internet services,
which <command>inetd</command> or <command>xinetd</command>
will run instead of running the requested service daemon.</para>
<indexterm zone="tcpwrappers tcpd">
<primary sortas="b-tcpd">tcpd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="tcpdchk">
<term><command>tcpdchk</command></term>
<listitem>
<para>is a tool to examine a <command>tcpd</command> wrapper
configuration and report problems with it.</para>
<indexterm zone="tcpwrappers tcpdchk">
<primary sortas="b-tcpdchk">tcpdchk</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="tcpdmatch">
<term><command>tcpdmatch</command></term>
<listitem>
<para>is used to predict how the TCP wrapper
would handle a specific request for a service.</para>
<indexterm zone="tcpwrappers tcpdmatch">
<primary sortas="b-tcpdmatch">tcpdmatch</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="try-from">
<term><command>try-from</command></term>
<listitem>
<para>can be called via a remote shell command to find out if the
host name and address are properly recognized.</para>
<indexterm zone="tcpwrappers try-from">
<primary sortas="b-try-from">try-from</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="safe_finger">
<term><command>safe_finger</command></term>
<listitem>
<para>is a wrapper for the <command>finger</command> utility, to
provide automatic reverse name lookups.</para>
<indexterm zone="tcpwrappers safe_finger">
<primary sortas="b-safe_finger">safe_finger</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libwrap">
<term><filename class='libraryfile'>libwrap.{so,a}</filename></term>
<listitem>
<para>contains the API functions required by
the <application>TCP Wrapper</application> programs as well as other programs
to become <quote><application>TCP Wrapper</application>-aware</quote>.</para>
<indexterm zone="tcpwrappers libwrap">
<primary sortas="c-libwrap">libwrap.{so,a}</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink