|
|
TCP Wrappers Release Notes > Chapter 1 What’s
in This VersionTCP Wrapper Features |
|
The following are the features of TCP Wrappers: The Internet Super Server, inetd allows a single process to be waiting for multiple services instead of one process for each service. Whenever a connection is established with inetd for a service, inetd runs the appropriate server program specified in /etc/inetd.conf and waits for other connections. inetd runs the wrapper program tcpd instead of running the server program directly. When inetd invokes tcpd for a service, it will read the /etc/tcpd.conf file and configure itself to effect its behaviour for different features at runtime. The tcpd program offers the following features to enforce access control check for a service:
TCP Wrappers on HP-UX uses the /etc/tcpd.conf configuration file. This file can be used to set time-out on client username lookups, log level, and action to be taken in case of reverse lookup failure. The following are the binaries distributed with this release of TCP Wrappers:
TCP Wrappers daemon logs the information related to a connection and problems encountered, before invoking the original daemon in syslog (default /var/adm/syslog/syslog.log). The logging level parameter can be specified as either ‘normal’ or ‘extended’ in the /etc/tcpd.conf file. A value of “extended” will cause the TCP Wrappers daemon to log the ACLs information like: the entry with which the client request is matched and its related options. By default, the value for this entry is “normal”, in which case tcpd will log the connection details about refusal or acceptance of the connection. TCP Wrappers suite also provides tools tcpdchk and tcpdmatch to validate the inetd.conf, hosts.allow and hosts.deny entries in the configuration file and to predict how tcpd would handle a specific service request respectively. Refer to tcpdchk and tcpdmatch sections on page 13 for more information. |
|