When a user tries to connect to your computer, the connection is identified by a pair of values: an IP address and a port. Inetd reacts to the connection by looking up the port number in /etc/services, then looking in /etc/inetd.conf for the corresponding service, and then running that service. With TCP wrappers, inetd is tricked into running tcpd instead of the service that would normally be called. Tcpd checks its rules in the /etc/hosts.allow and /etc/hosts.deny files. Based on those rules, it either accepts the connection and runs the service or denies the connection.
TCP wrappers only works for services that inetd starts. Sendmail, apache, and named do not use inetd, and so they are not protected by TCP wrappers. To check whether TCP wrappers is installed, view the /etc/inetd.conf file. If it is not installed, a typical line looks like this:
ftp stream tcp nowait root /usr/sbin/ftpd ftpd -l -a
and if it is installed, it looks like this:
ftp stream tcp nowait root /usr/sbin/tcpd ftpd -l -a
The difference is the server program field: /usr/sbin/tcpd instead of /usr/sbin/ftpd. Assuming it is installed, you must edit your /etc/hosts.allow and /etc/hosts.deny files to give tcpd the rules it needs.
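The check described above can be run over the whole file instead of one line at a time. The following Python is an added example, not part of the original page; the function names and the sample file contents are constructed for illustration. It reports which active inetd.conf entries are started through tcpd and which are started directly.

```python
import os

# Constructed sample in inetd.conf format (not taken from a real host).
SAMPLE_INETD_CONF = """\
# service sock proto wait user server args
ftp     stream tcp nowait root /usr/sbin/tcpd ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
daytime stream tcp nowait root internal
#finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
"""

def audit_inetd(text):
    """Return (service, status, daemon) for each active inetd.conf entry.

    status is 'wrapped' when inetd launches tcpd, 'internal' for inetd's
    built-in services, and 'unwrapped' when the daemon is started directly.
    """
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out (disabled) entry
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        service, server, args = fields[0], fields[5], fields[6:]
        if server == "internal":
            results.append((service, "internal", "inetd"))
        elif os.path.basename(server) == "tcpd":
            # tcpd takes the real daemon name from the first argument; that
            # name is also what rules in hosts.allow/hosts.deny refer to.
            results.append((service, "wrapped", args[0] if args else "?"))
        else:
            results.append((service, "unwrapped", os.path.basename(server)))
    return results

def unwrapped_services(text):
    """Names of services that bypass tcpd and so ignore hosts.allow/deny."""
    return [svc for svc, status, _ in audit_inetd(text) if status == "unwrapped"]

if __name__ == "__main__":
    for service, status, daemon in audit_inetd(SAMPLE_INETD_CONF):
        print(f"{service:10} {status:10} {daemon}")
```

To audit a real host, pass the contents of /etc/inetd.conf to audit_inetd() in place of the sample string.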
copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
Sumith Sreedhar
Verbatim copying and redistribution of this entire page are permitted
provided this notice is preserved.