User's Manual

Solaris 9 Security CX-310-301
Network Connection Access, Authentication and Encryption
The final section looks at remote connections and the basics of cryptology.
TCP Wrappers
TCP Wrappers provides additional logging and authentication for the network daemon processes such as:
• ftp
• telnet
• rlogin
• rsh
• tftp
• exec
• finger
The wrappers are small daemon programs that “wrap” the actual network daemons, like in.telnetd.
You should note that TCP Wrappers doesn’t implement a full security mechanism, but does offer greater
protection than the standard network daemons.
If you’ve followed the advice earlier in this document and disabled the network services in /etc/inetd.conf,
then there is no need for TCP Wrappers because you are not using any of these services.
There are two methods of using TCP Wrappers, hidden and visible. This document concentrates on visible
wrappers.
Hidden TCP Wrappers requires modifying all of the network daemons, which makes upgrading the operating
system much more complicated. Visible TCP Wrappers would only require the modification of one file,
namely /etc/inetd.conf, if the system were to be upgraded.
TCP Wrappers can be downloaded from:
http://www.sunfreeware.com
and installs by default into /usr/local.
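The following shell function is an added example, not part of the original guide: it reads an inetd.conf-style file and reports, for each enabled service, whether inetd starts it through the wrapper program tcpd or directly. The sample entries are constructed, and the /usr/local/bin/tcpd path is an assumption based on the default install prefix given above.

```shell
#!/bin/sh
# Added example (not from the guide): report how inetd starts each enabled service.
# Assumption: a visibly wrapped entry names tcpd as the server program and passes
# the real daemon name as the first server argument.

# audit_inetd [FILE] - read an inetd.conf-style file (or stdin) and print
# "<service> <WRAPPED|UNWRAPPED|INTERNAL> <daemon>" for every enabled entry.
audit_inetd() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }      # commented-out (disabled) or malformed line
        $6 == "internal" {                # service handled inside inetd itself
            print $1, "INTERNAL", "-"
            next
        }
        {
            n = split($6, path, "/")      # path[n] is the basename of the server program
            if (path[n] == "tcpd")
                print $1, "WRAPPED", (NF >= 7 ? $7 : "?")   # daemon tcpd will launch
            else
                print $1, "UNWRAPPED", path[n]
        }
    ' "$@"
}

# Constructed sample input. The telnet line is the unmodified entry shown in this
# guide; the ftp line assumes tcpd was installed under /usr/local/bin.
sample_conf() {
    cat <<'EOF'
# constructed sample of /etc/inetd.conf entries
telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
ftp     stream  tcp6    nowait  root    /usr/local/bin/tcpd     in.ftpd
#shell  stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
time    stream  tcp6    nowait  root    internal
EOF
}

sample_conf | audit_inetd
```

On a real host, run `audit_inetd /etc/inetd.conf`; every UNWRAPPED line is an enabled service that still bypasses the wrapper's logging and access checks.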
Configuring TCP Wrappers
To configure TCP Wrappers, modify the relevant service line in /etc/inetd.conf. For example, to install
this facility on the telnet service, replace this line:
telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
with