Setting Up TCP Wrappers On Solaris

By Karen Katz
Article Date: 2003-06-24

TCP Wrappers is a great program that logs and filters incoming requests for various network services. If you don't already have the source code, you can get it from my link in the downloads menu.

Step 1: Unpack the source code to the desired directory on Solaris.


Step 2: Read the README file


Step 3: Customize the Makefile:


Open the Makefile and read the instructions for customizing it to your particular system.

Here are the customizations I made. Assuming you have Solaris 8 on an Intel machine, they will probably work for you as well.

- Find the following 2 lines:

#SysV.4 Solaris 2.x OSF AIX
#REAL_DAEMON_DIR=/usr/sbin <-----Uncomment this line.

- Scroll down to the section for SunOS 5.
If you are using gcc, you'll have to let make know by adding the following: CC=gcc (get used to doing this)

- Scroll through the system dependencies and uncomment any lines relevant to your system.

- Also in the system dependencies section, look for the paragraph regarding IPv6 and make sure the line
IPV6= -DHAVE_IPV6 is uncommented.


Step 4: Compile the program for Solaris


When you have finished editing the Makefile, type make sunos5 at the prompt.


Step 5: Install


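Step 6: Create the TCP Wrappers access files /etc/hosts.allow and /etc/hosts.deny.


The examples below show a simple way to block access from the Internet but allow it from the local network. tcpd consults hosts.allow first, so the clients listed there are admitted for the named services, and every other request falls through to the ALL: ALL rule in hosts.deny.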

Sample Solaris hosts.allow file:

vi hosts.allow
in.lpd,sshd,in.ftpd,in.telnetd: .sol8.paradise.net,.bytes.paradise.net,10.0.0.2,10.0.0.1


Sample Solaris hosts.deny file:

vi hosts.deny
ALL: ALL



Step 7: Edit the inetd.conf configuration file


Back up /etc/inetd.conf: cp /etc/inetd.conf /etc/inetd.conf.old

Edit /etc/inetd.conf, replacing the service daemon with /usr/sbin/tcpd.

For example:

ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd becomes ---->
ftp stream tcp6 nowait root /usr/sbin/tcpd in.ftpd

telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd becomes ---->
telnet stream tcp6 nowait root /usr/sbin/tcpd in.telnetd

Some of the service daemons aren't in /usr/sbin. In this case you need to specify an absolute path.

For example:

walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld becomes ---->
walld/1 tli rpc/datagram_v wait root /usr/sbin/tcpd /usr/lib/netsvc/rwall/rpc.rwalld


Step 8: Restart inetd on Solaris: pkill -HUP inetd
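
The Step 7 edit can be scripted. The following is an added example, not part of the original tutorial: it rewrites inetd.conf entries the way the examples above do, assuming tcpd is installed at /usr/sbin/tcpd and was built with REAL_DAEMON_DIR=/usr/sbin. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: automate the Step 7 edit on inetd.conf text.
# Assumptions: tcpd lives at /usr/sbin/tcpd, built with REAL_DAEMON_DIR=/usr/sbin.
TCPD=/usr/sbin/tcpd
REAL_DAEMON_DIR=/usr/sbin

# Constructed sample entries (not taken from a real system).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
time stream tcp6 nowait root internal
EOF
}

# wrap_inetd: inetd.conf text on stdin, wrapped entries on stdout.
# Fields: 1 service, 2 socket type, 3 protocol, 4 wait flag, 5 user,
#         6 server program, 7 argv[0], 8.. remaining arguments.
wrap_inetd() {
    awk -v tcpd="$TCPD" -v dir="$REAL_DAEMON_DIR" '
    /^[ \t]*#/ || NF < 7 { print; next }  # comments, blanks, "internal" services
    $6 == tcpd           { print; next }  # already wrapped: keep the edit idempotent
    {
        n = split($6, parts, "/")
        base = parts[n]
        # tcpd locates the real daemon from argv[0]: a bare name is looked up
        # in REAL_DAEMON_DIR, anything elsewhere needs its absolute path.
        arg0 = ($6 == (dir "/" base)) ? base : $6
        line = $1 " " $2 " " $3 " " $4 " " $5 " " tcpd " " arg0
        for (i = 8; i <= NF; i++) line = line " " $i
        print line
    }'
}

# Print the wrapped sample; on a real host, diff the output against
# /etc/inetd.conf before installing it and sending inetd a HUP.
sample_inetd_conf | wrap_inetd
```

Running the function a second time over its own output changes nothing, so it is safe to apply to a file that is already partly wrapped.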


If you would like a permanent copy of this tutorial I have compiled an e-book with every tutorial and article on this site.

About the Author:
Karen Katz is currently a Certified Systems Administrator in the San Francisco Bay Area. She also maintains a website with Unix and Solaris tutorials at http://www.techgirl-net.com/.



UnixProNews is an iEntry, Inc. ® publication - 1998-2008 All Rights Reserved