Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
71727374757677787980
When you enable TCP Wrappers, inetd runs a TCP wrapper daemon, tcpd, instead
of running the requested service directly. The TCP Wrappers work as follows:
1. Clients send connection requests to inetd as they normally do, for example,
telnet.
2. Instead of invoking the server process, inetd calls the TCP Wrapper daemon
(tcpd).
3. The TCP Wrapper daemon determines the validity of the client's connection request.
The tcpd daemon logs the request and checks the access control files (/etc/
hosts.allow and /etc/hosts.deny).
4. If the client is valid,tcpd calls the appropriate server process.
5. The server process processes the client's request, for example, the telnet connection
completes.
4.3.1 Additional Features of TCP Wrappers
You can also define configuration parameters in the /etc/tcpd.conf configuration
file, such as logging behavior, user name lookups, and reverse look up failure behavior.
The tcpd daemon reads this configuration file to look for configuration parameters
during run time.
You can configure the /etc/hosts.allow and /etc/hosts.deny files for other
security features, such as trap setting and banner message.
The trap setting feature of TCP Wrappers enables you to trigger appropriate action on
the host depending upon the number of denied connection attempts from a remote host.
The banner message feature causes a message to be sent to the client when an ACL rule
is included in an access control file.
4.3.2 TCP Wrappers Do Not Work with RPC Services
TCP Wrappers do not work with remote procedure call (RPC) services over TCP. These
services are registered as rpc or tcp in the /etc/inetd.conf file. The only important
service that is affected by this limitation is rexd, used by the on command.
4.4 Secure Internet Services
Secure Internet Services (SIS) is an optionally enabled mechanism that incorporates
Kerberos V5 authentication and authorization for remote access services: ftp, rcp,
remsh, rlogin, and telnet.
Secure Internet Services is part of the HP-UX Internet Services product, which is
documented in Using HP-UX Internet Services:
http://www.hp.com/go/hpux-networking-docs
Click HP-UX 11i v3 Networking Software.
You can also see the following manpages:
4.4 Secure Internet Services 73