mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-02-05 07:57:23 +08:00
9905a3c983
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@638 af4574ff-66df-0310-9fd7-8a98e5e911e0
32 lines
1.0 KiB
XML
32 lines
1.0 KiB
XML
<sect2>
|
|
<title>Configuring tcpwrappers</title>
|
|
|
|
<sect3><title>Config files</title>
|
|
<para><userinput>/etc/hosts.allow, /etc/hosts.deny,
|
|
</userinput></para>
|
|
|
|
<para>File protections: the wrapper, all files used by the wrapper,
|
|
and all directories in the path leading to those files, should be
|
|
accessible but not writable for unprivileged users (mode 755 or mode
|
|
555). Do not install the wrapper set-uid.</para>
|
|
|
|
<para>
|
|
Then perform the following edits on the
|
|
<filename>/etc/inetd.conf</filename> configuration file :
|
|
<screen><userinput>
|
|
finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
|
|
</userinput></screen>
|
|
becomes:
|
|
<screen><userinput>
|
|
finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
|
|
</userinput></screen></para>
|
|
<note><para>The finger server is used as an example here.</para></note>
|
|
<para>Similar changes must be made if xinetd is used, with the
|
|
emphasis being on calling /usr/sbin/tcpd instead of calling the
|
|
service daemon directly, and passing the name of the service daemon to
|
|
tcpd.</para>
|
|
</sect3>
|
|
|
|
</sect2>
|
|
|