HP-UX Internet Services Administrator's Guide (May 2010)

3 TCP Wrappers
The Transmission Control Protocol (TCP) Wrappers product suite provides an enhanced
security mechanism for services spawned by the Internet Services daemon, inetd.
This chapter discusses the following topics:
Overview
The tcpd Features
TCP Wrappers Files
IPv6 Support
Troubleshooting
Overview
The Internet services server, inetd, allows a single process to wait for connections
to multiple services, instead of a separate process waiting for each service. When a
connection is established with inetd for a service, inetd runs the appropriate server
specified in the /etc/inetd.conf file and waits for other connections.
If you enable TCP wrappers, inetd runs a TCP wrapper daemon, tcpd, instead of
running the requested service directly. When a request for a service is received, inetd
invokes tcpd for the service. tcpd logs the request and checks the access control files
for a matching daemon-client pair entry to either grant or deny access to the requested
service. If access is granted to the requested service, tcpd invokes the appropriate
server program.
You can define configuration parameters such as logging behavior, user name lookups,
and reverse lookup failure behavior in the configuration file /etc/tcpd.conf. tcpd
reads /etc/tcpd.conf for these parameters at run time.
The wrappers program does not work with RPC services over TCP. These services are
registered as rpc or tcp in the /etc/inetd.conf file. The only non-trivial service
that is affected by this limitation is rexd used by the on command.
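The following audit is an added example, not part of the HP guide: it reads inetd.conf-style lines and reports which services inetd hands to tcpd, which it starts directly, and which are RPC-over-TCP entries that the wrapper cannot protect. The sample lines, the /usr/lbin/tcpd path, and the entry layouts (a leading "rpc" field or an "rpc/tcp" protocol field) are assumptions.

```python
import os

TCPD_NAME = "tcpd"  # the wrapper daemon named in this chapter

# Constructed sample; paths and RPC entry layout are assumptions.
SAMPLE_INETD_CONF = """\
# constructed sample, not taken from a real system
ftp     stream tcp nowait root /usr/lbin/tcpd /usr/lbin/ftpd ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd telnetd
rpc     stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd
daytime stream tcp nowait root internal
"""

def classify(line):
    """Return (service, status) for one entry, or None for blanks/comments."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 6:
        return None
    service, _sock, proto, _wait, _user, server = fields[:6]
    is_rpc = service == "rpc" or proto.startswith("rpc/")
    # Entries that start with "rpc" carry no service name; use the server's.
    name = os.path.basename(server) if service == "rpc" else service
    if is_rpc and proto.endswith("tcp"):
        return name, "rpc-tcp"    # wrapper does not work with RPC over TCP
    if server == "internal":
        return name, "internal"   # handled inside inetd, no server program
    if os.path.basename(server) == TCPD_NAME:
        return name, "wrapped"    # inetd runs tcpd, which runs the server
    return name, "direct"         # inetd runs the server with no tcpd check

def audit(text):
    """Map each service in an inetd.conf-style text to its status."""
    results = {}
    for line in text.splitlines():
        entry = classify(line)
        if entry:
            results[entry[0]] = entry[1]
    return results

if __name__ == "__main__":
    for svc, status in audit(SAMPLE_INETD_CONF).items():
        print(f"{svc:10} {status}")
```

Entries reported as direct or rpc-tcp are reachable without the tcpd logging and access control check, so they need another control such as host filtering or disabling the service.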
The tcpd Features
The tcpd program provides the following features to enforce access control checks for
a service:
Access Control
Host name or Address Spoofing
Client User Name
Setting Traps
Banner Messages