HP-UX Internet Services Administrator's Guide (May 2010)
The tcpdchk Tool
The tcpdchk tool performs the following functions:
• Examines the validity of entries in the /etc/inetd.conf file and ACLs.
• Inspects the TCP wrapper configurations and reports problems, if any.
• Checks the tcpd access control files (/etc/hosts.allow and
/etc/hosts.deny), and compares the entries in these files with the entries in
the /etc/inetd.conf file.
You can run the tcpdchk tool on the command line as follows:
/usr/bin/tcpdchk [-a] [-d] [-i inet_conf] [-v]
where,
-a
Reports access control rules that grant access without an explicit
ALLOW keyword.
-d Examines the files /etc/hosts.allow and /etc/hosts.deny
in the current directory instead of the default directory.
-i inet_conf Specifies a different location for the configuration file inetd.conf
instead of the default directory, /etc/inetd.conf.
-v
Displays the contents of an access control rule, that is, the daemon
list, client list, shell command and option, in a printable format.
This helps you to identify discrepancies in the output.
For more information, type man 1 tcpdchk at the HP-UX prompt.
The tcpdmatch Tool
The tcpdmatch tool simulates the wrappers daemon program, and tcpd behavior
for a particular host and service.
tcpdmatch predicts how the TCP wrapper daemon handles a specific service request.
It examines the tcpd access control tables (/etc/hosts.allow and
/etc/hosts.deny) and prints a report. For maximum accuracy, it extracts additional
information from the /etc/inetd.conf file.
You can execute the tcpdmatch tool on the command line using the following formats:
1. /usr/bin/tcpdmatch [-d] [-i inet_conf] daemon client
2. /usr/bin/tcpdmatch [-d] [-i inet_conf] daemon@[server] [user@]client
daemon
Specifies a daemon name.
client Specifies the host name, network address, or the unknown or paranoid
wildcard formats.
server Specifies a host name or network address or the unknown or paranoid
wildcard formats.
42 TCP Wrappers