HP-UX Internet Services Administrator's Guide (February 2007)

contain valid data or STRING_UNKNOWN, defined in the tcpd.h file. If access is denied, the hosts_ctl() API returns the value 0.

The following are the methods to implement access control checks in a daemon program:

1. Fill the variable elements in the structure request_info using the routines request_init() and request_set(), and call the hosts_access() routine to verify these elements with the ACLs.
2. Call the function hosts_ctl() with appropriate input parameters to check with the ACLs.

For more information on these APIs, type man 3 hosts_access at the HP-UX prompt.

The tcpdchk Tool

The tcpdchk tool performs the following functions:

• Examines the validity of entries in the /etc/inetd.conf file and ACLs.
• Inspects the TCP wrapper configurations and reports problems, if any.
• Checks the tcpd access control files (/etc/hosts.allow and /etc/hosts.deny), and compares the entries in these files with the entries in the /etc/inetd.conf file.

You can run the tcpdchk tool on the command line as follows:

    /usr/bin/tcpdchk [-a] [-d] [-i inet_conf] [-v]

where,

    -a            Reports access control rules that grant access without an explicit ALLOW keyword.
    -d            Examines the files /etc/hosts.allow and /etc/hosts.deny in the current directory instead of the default directory.
    -i inet_conf  Specifies a different location for the configuration file inetd.conf instead of the default location, /etc/inetd.conf.
    -v            Displays the contents of an access control rule, that is, the daemon list, client list, shell command and option, in a printable format. This helps you to identify discrepancies in the output.

For more information, type man 1 tcpdchk at the HP-UX prompt.

The tcpdmatch Tool

The tcpdmatch tool simulates the behavior of the wrappers daemon program, tcpd, for a particular host and service.

tcpdmatch predicts how the TCP wrapper daemon handles a specific service request. It examines the tcpd access control tables (/etc/hosts.allow and /etc/hosts.deny) and prints a report. For maximum accuracy, it extracts additional information from the /etc/inetd.conf file.
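
The lookup that tcpdmatch predicts can be modelled in a few lines. The following is an added illustration, not HP's code or the tcpdmatch implementation. It applies the hosts_access(5) search order: the first matching rule in hosts.allow grants access, otherwise the first matching rule in hosts.deny denies it, otherwise access is granted. The sample tables, function names and test addresses are constructed for this example, and only ALL, domain-suffix, address-prefix, net/mask and exact patterns are handled (no EXCEPT, shell commands or options).

```python
import ipaddress

# Constructed sample tables, standing in for /etc/hosts.allow and /etc/hosts.deny.
HOSTS_ALLOW = """\
ftpd    : .example.com 192.168.1.   # domain suffix, address prefix
telnetd : 10.0.0.0/255.255.255.0    # net/mask
"""
HOSTS_DENY = "ALL : ALL\n"

def parse(text):
    """Yield (daemon_list, client_list) for each rule; skip blanks and comments."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) >= 2 and fields[0]:
            yield (fields[0].replace(",", " ").split(),
                   fields[1].replace(",", " ").split())

def client_matches(pattern, host, addr):
    """Match one client pattern against the peer's host name and IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # host name ends with this domain
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # address begins with these octets
        return addr.startswith(pattern)
    if "/" in pattern:               # net/mask: net == (addr AND mask)
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(ipaddress.IPv4Address(addr)) & mask) == net
    return pattern.lower() == host.lower() or pattern == addr

def first_match(table, daemon, host, addr):
    """Return the text of the first rule matching (daemon, client), else None."""
    for daemons, clients in parse(table):
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(p, host, addr) for p in clients):
            return f"{' '.join(daemons)} : {' '.join(clients)}"
    return None

def predict(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return (decision, rule): hosts.allow first, then hosts.deny, else granted."""
    rule = first_match(allow, daemon, host, addr)
    if rule:
        return "granted", rule
    rule = first_match(deny, daemon, host, addr)
    return ("denied", rule) if rule else ("granted", None)

if __name__ == "__main__":
    for d, h, a in [("ftpd", "pc1.example.com", "203.0.113.7"),
                    ("telnetd", "unknown", "10.0.1.9")]:
        print(d, h, a, "->", predict(d, h, a))
```

The last branch of predict() is the case to watch when auditing: with no catch-all rule such as ALL : ALL in hosts.deny, a client that matches nothing in either table is granted access.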