TCP Wrapper-7.6

Introduction to TCP Wrapper

The TCP Wrapper package provides daemon wrapper programs that report the name of the client requesting network services and the requested service.

Package Information

Download (HTTP): http://files.ichilton.co.uk/nfs/tcp_wrappers_7.6.tar.gz
Download (FTP): ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz
Download MD5 sum: e6fa25f71226d090f34de3f6b122fb5a
Download size: 97 KB
Estimated disk space required: 1.09 MB
Estimated build time: less than 0.1 SBU

Additional Downloads

Required Patch (Fixes some build issues and adds building a shared library): http://www.linuxfromscratch.org/patches/blfs/6.3/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/tcpwrappers

Installation of TCP Wrapper

Install TCP Wrapper with the following commands:

patch -Np1 -i ../tcp_wrappers-7.6-shared_lib_plus_plus-1.patch &&
sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c &&
make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux

This package does not come with a test suite.

Now, as the root user:

make install

Command Explanations

sed -i -e ... scaffold.c: This command removes an obsolete C declaration which causes the build to fail if using GCC >= 3.4.x.

Configuring TCP Wrapper

Config Files

/etc/hosts.allow and /etc/hosts.deny

File protections: the wrapper, all files used by the wrapper, and all directories in the path leading to those files, should be accessible but not writable for unprivileged users (mode 755 or mode 555). Do not install the wrapper set-uid.

As the root user, perform the following edits on the /etc/inetd.conf configuration file:

finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd

becomes:

finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd

Note

The finger server is used as an example here.

Similar changes must be made if xinetd is used, with the emphasis being on calling /usr/sbin/tcpd instead of calling the service daemon directly, and passing the name of the service daemon to tcpd.

Installed Programs: tcpd, tcpdchk, tcpdmatch, try-from, and safe_finger

Installed Library: libwrap.{so,a}

Installed Directories: None

Short Descriptions

tcpd	is the main access control daemon for all Internet services, which inetd or xinetd will run instead of running the requested service daemon.
tcpdchk	is a tool to examine a tcpd wrapper configuration and report problems with it.
tcpdmatch	is used to predict how the TCP wrapper would handle a specific request for a service.
try-from	can be called via a remote shell command to find out if the host name and address are properly recognized.
safe_finger	is a wrapper for the finger utility, to provide automatic reverse name lookups.
`libwrap.{so,a}`	contains the API functions required by the TCP Wrapper programs as well as other programs to become “TCP Wrapper-aware”.

Last updated on 2007-04-04 14:42:53 -0500

Beyond Linux^® From Scratch - Version 6.3

Chapter 16. Basic Networking Programs

TCP Wrapper-7.6

Introduction to TCP Wrapper

Package Information

Additional Downloads

Installation of TCP Wrapper

Command Explanations

Configuring TCP Wrapper

Config Files

Note

Contents

Short Descriptions

Beyond Linux® From Scratch - Version 6.3

Chapter 16. Basic Networking Programs

TCP Wrapper-7.6

Introduction to TCP Wrapper

Package Information

Additional Downloads

Installation of TCP Wrapper

Command Explanations

Configuring TCP Wrapper

Config Files

Note

Contents

Short Descriptions

Beyond Linux^® From Scratch - Version 6.3