mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-02-03 23:07:23 +08:00
a4acd46325
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1384 af4574ff-66df-0310-9fd7-8a98e5e911e0
28 lines
1.1 KiB
XML
28 lines
1.1 KiB
XML
<sect2>
|
|
<title>Configuring <application>tcpwrappers</application></title>
|
|
|
|
<sect3><title>Config files</title>
|
|
<para><filename>/etc/hosts.allow</filename>,
|
|
<filename>/etc/hosts.deny</filename></para>
|
|
|
|
<para>File protections: the wrapper, all files used by the wrapper,
|
|
and all directories in the path leading to those files, should be
|
|
accessible but not writable for unprivileged users (mode 755 or mode
|
|
555). Do not install the wrapper set-uid.</para>
|
|
|
|
<para>Then perform the following edits on the
|
|
<filename>/etc/inetd.conf</filename> configuration file:</para>
|
|
<screen><userinput>finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd</userinput></screen>
|
|
<para>becomes:</para>
|
|
<screen><userinput>finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd</userinput></screen>
|
|
|
|
<note><para>The finger server is used as an example here.</para></note>
|
|
|
|
<para>Similar changes must be made if xinetd is used, with the emphasis being
|
|
on calling <command>/usr/sbin/tcpd</command> instead of calling the service
|
|
daemon directly, and passing the name of the service daemon to tcpd.</para>
|
|
</sect3>
|
|
|
|
</sect2>
|
|
|