122


Chapter 8. TCP Wrappers and


xinetd


special file or email an administrator. Below is an example of a booby trap in the


hosts.deny


file


which will write a log line containing the date and client information every time a host from the the


IP range 10.0.1.0 to 10.0.1.255 attempts to connect via Telnet:


in.telnetd: 10.0.1.: spawn (/bin/echo `date` %c >> /var/log/telnet.log) &


Another feature of using shell commands is support for expansions. Expansions provide the com 


mand with information about the client, server, and process involved. Below is a list of supported


expansions:


  %a


  The client's IP address.


  %A


  The server's IP address.


  %c


  Supplies a variety of client information, such as the username and hostname, or the username


and IP address.


  %d


  The daemon process name.


  %h


  The client's hostname (or IP address, if the hostname is unavailable).


  %H


  The server's hostname (or IP address, if the hostname is unavailable).


  %n


  The client's hostname. If unavailable,


unknown


is printed. If the client's hostname and host


address do not match,


paranoid


is printed.


  %N


  The server's hostname. If unavailable,


unknown


is printed. If the server's hostname and host


address do not match,


paranoid


is printed.


  %p


  The daemon process ID.


  %s


  Various types of server information, such as the daemon process and the host or IP address


of the server.


  %u


  The client's username. If unavailable,


unknown


is printed.


For a full explanation of available shell commands, as well as some additional access control exam 


ples, review see the man page for


hosts_access


.


Note


Special attention must be given to portmap when host access control lists. Only IP addresses or


the ALL option should be used when specifying hosts to allow or deny, as host names are not sup 


ported. In addition, changes to the host access control lists that concern portmap may not take affect


immediately.


As widely used services, such as NIS and NFS, depend on portmap to operate, be aware of these


limitations before depending on hosts.allow and hosts.deny to control access.


8.3. Access Control Using


xinetd


The benefits offered by TCP wrappers are enhanced when the


libwrap.a


library is used in conjunc 


tion with


xinetd


, a super daemon that provides additional access, logging, binding, redirection and


resource utilization control.


Red Hat Linux configures a variety of popular network services to be used with


xinetd


, including


FTP, IMAP, POP, and Telnet. When any of these services are accessed via their port numbers in


/etc/services


, the


xinetd


daemon handles the request. Before bringing up the requested network


service,


xinetd


ensures that the client host information meets the access control rules, the number of








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved