Tuesday, May 21, 2013

TCP-WRAPPER






Two files are used by tcp-wrappers:

1> ls /etc/hosts.allow
2> ls /etc/hosts.deny


NOTE :- tcp-wrappers controls only those services which depend on the
-----  `libwrap.so` library.

# which vsftpd  ---> ( shows the location of the vsftpd binary )

# ldd /usr/bin/vsftpd  ----> ( ldd lists the libraries the binary depends on; check that libwrap.so is in the list )

# strings /usr/lib/libwrap.so | less   ----> ( to read the strings inside the library )

# man 5 hosts_access    ----> ( man page for tcp-wrappers )


# vim /etc/hosts.deny

vsftpd:ALL  ------> deny service to everyone

vsftpd:ALL EXCEPT .example.com  

vsftpd:ALL EXCEPT 192.168.1.25

vsftpd:192.168.1.0/255.255.255.0

vsftpd:.yahoo.com

sshd,vsftpd:.yahoo.com     ----> ( for ssh & vsftpd )

ALL:ALL          -----> ( applies to all services (daemons), for all clients )
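
How entries like these are evaluated, as an added example (not code from the original post): a small Python model of the matching for the pattern forms shown above. It assumes the lookup order documented in hosts_access(5), which is hosts.allow first, then hosts.deny, with access granted when neither matches; the function names are hypothetical, the client addresses are constructed samples, and only IPv4 is handled.

```python
import ipaddress

def _tokens(field):
    # Lists may be separated by blanks and/or commas.
    return field.replace(",", " ").split()

def match_client(pattern, ip, hostname):
    """Match one client pattern in the forms used in the entries above."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, needs a resolved host name
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    if "/" in pattern:            # net/mask such as 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, hostname)  # exact address or host name

def match_list(tokens, test):
    """'a b EXCEPT c' matches when a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], test) and not match_list(tokens[i + 1:], test)
    return any(test(t) for t in tokens)

def rule_matches(rule, daemon, ip, hostname):
    # Only daemon_list:client_list is modelled; a spawn/twist field is ignored.
    daemons, clients = rule.split(":")[:2]
    return (match_list(_tokens(daemons), lambda d: d in ("ALL", daemon))
            and match_list(_tokens(clients), lambda c: match_client(c, ip, hostname)))

def allowed(allow_rules, deny_rules, daemon, ip, hostname=None):
    """Assumed order: hosts.allow match grants, hosts.deny match denies, else grant."""
    if any(rule_matches(r, daemon, ip, hostname) for r in allow_rules):
        return True
    return not any(rule_matches(r, daemon, ip, hostname) for r in deny_rules)

if __name__ == "__main__":
    # Constructed sample: deny entries taken from the list above, clients made up.
    deny = ["vsftpd:ALL EXCEPT 192.168.1.25", "sshd,vsftpd:.yahoo.com"]
    for daemon, ip, host in [("vsftpd", "192.168.1.25", None),
                             ("vsftpd", "10.0.0.5", None),
                             ("sshd", "203.0.113.9", "mail.yahoo.com"),
                             ("sshd", "203.0.113.9", None)]:
        verdict = "granted" if allowed([], deny, daemon, ip, host) else "denied"
        print(f"{daemon} from {ip} ({host}): {verdict}")
```

In this model the last sample client is granted: a domain pattern such as `.yahoo.com` in the deny file matches only when the client's host name has been resolved.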

--------------------------------------------------------------------------------


SHELL COMMAND :-
################

1> SPAWN:- When a connection is established to access the main daemon, `spawn` executes the command given after it as a child process.


# vim /etc/hosts.allow
 vsftpd:ALL:spawn /bin/echo `/bin/date` from %h >> /var/log/abc.log


2> TWIST:- If `twist` is given as the shell command, access to the main daemon is not allowed even though the entry is in the /etc/hosts.allow file; instead, the command given after `twist` is executed.

# vim /etc/hosts.allow
vsftpd:ALL:twist /bin/echo "Bad hosts are not allowed"

