Controlling Access with tcpd

The tcpd wrapper software is executed by inetd. It is an integral part of most Linux distributions that use inetd. Using tcpd on a Linux system is easier than it is on many other systems because the entries in the inetd.conf file already point to the tcpd program.

Note: The format of the inetd.conf file is explained in Chapter 3, "Login Services".

The following entries are from the inetd.conf file on a Linux system:

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
talk    dgram   udp     wait    root    /usr/sbin/tcpd  in.talkd
ntalk   dgram   udp     wait    root    /usr/sbin/tcpd  in.ntalkd
imap    stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
finger  stream  tcp     nowait  root    /usr/sbin/tcpd  in.fingerd

As this sample shows, the path to tcpd is used in place of the path of each network service daemon. Therefore, when inetd receives a request for a service, it starts tcpd. tcpd then logs the service request, checks the access control information, and (if permitted) starts the real daemon to handle the request.

The tcpd program performs two basic functions: It logs requests for Internet services, and it provides an access control mechanism for those services. Logging requests for specific network services is a useful monitoring function, especially if you are looking for possible intruders.
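Because tcpd only logs and checks a request when the inetd.conf entry hands the service to it, a service whose server field names the daemon directly bypasses both functions. The following audit script is an added example, not from the book: it parses inetd.conf-style lines and lists the services that do not go through /usr/sbin/tcpd (the sample input is constructed, with the page's entries plus one hypothetical unwrapped pop3 line).

```python
"""Audit which inetd services are wrapped by tcpd (added example)."""
from dataclasses import dataclass

TCPD_PATH = "/usr/sbin/tcpd"  # wrapper path used by the page's sample entries


@dataclass
class InetdEntry:
    service: str      # service name from /etc/services
    socket_type: str  # stream or dgram
    protocol: str     # tcp or udp
    wait: str         # wait or nowait
    user: str         # user the server runs as
    server: str       # program inetd executes (tcpd when wrapped)
    args: list        # argv passed on: the real daemon and its options


def parse_inetd_conf(text):
    """Parse inetd.conf text, skipping blank lines and '#' comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"malformed inetd.conf line: {raw!r}")
        entries.append(InetdEntry(*fields[:6], args=fields[6:]))
    return entries


def unwrapped_services(text, tcpd_path=TCPD_PATH):
    """Services whose server is not tcpd: they skip its logging and access checks."""
    return [e.service for e in parse_inetd_conf(text) if e.server != tcpd_path]


# Constructed sample: entries from the page plus one hypothetical unwrapped service.
SAMPLE_CONF = """\
# services wrapped by tcpd
ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
finger stream tcp nowait root /usr/sbin/tcpd in.fingerd
talk   dgram  udp wait   root /usr/sbin/tcpd in.talkd
# constructed: daemon started directly, so tcpd never sees the request
pop3   stream tcp nowait root /usr/sbin/ipop3d ipop3d
"""

if __name__ == "__main__":
    for e in parse_inetd_conf(SAMPLE_CONF):
        print(f"{e.service:8} wrapped={e.server == TCPD_PATH!s:5} daemon={' '.join(e.args)}")
    print("services bypassing tcpd:", unwrapped_services(SAMPLE_CONF))
```

Run it against a real /etc/inetd.conf by reading the file into `unwrapped_services`; any service it names is one whose requests tcpd will neither log nor filter.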
