[techtalk] xinetd and tcp_wrappers

Brian Sweeney bsweeney at physics.ucsb.edu
Thu Jun 14 09:50:21 EST 2001


It is compiled against libwrap in 7.1; in fact, you have to pass it an
option to ignore the tcpwrappers functionality if you want it to, like the
following:

service finger
{
        socket_type     = stream
        wait            = no
        user            = nobody
        server          = /usr/sbin/in.fingerd
        # --> This actually disables the service... don't put this in
        # unless that's what you want to do!
        disable         = yes
        # This is the line to disable tcpwrapper.  Without this, it will by
        # default check with hosts.allow and hosts.deny.  I believe you can
        # also specify the tcpd in the server line above same as inetd if
        # you like.
        flags           = NOLIBWRAP
}

Good luck!

-Brian

> -----Original Message-----
> From: techtalk-admin at linuxchix.org
> [mailto:techtalk-admin at linuxchix.org]On Behalf Of Paul Hardacre
> Sent: Thursday, June 14, 2001 8:23 AM
> To: Martin.Caitlyn at epamail.epa.gov; techtalk at linuxchix.org
> Subject: Re: [techtalk] xinetd and tcp_wrappers
>
>
> At 16:08 14/06/2001, Martin.Caitlyn at epamail.epa.gov wrote:
> >Does anyone have any experience using tcp_wrappers in conjunction with
> >xinetd, as opposed to inetd?  The tcp_wrappers man page that came with Red
> >Hat 7.1 still refers to the inetd.conf file, but, of course, that no longer
> >exists.  Is there any reason I can't invoke tcpd and refer to the service
> >to be run in the various configuration files in /etc/xinetd.d the same way
> >I did in the old /etc/inetd.conf file?  Are there any issues I should be
> >aware of?
>
> I don't know if it has been compiled against libwrap in RH7.1. I use RH7.1
> here on my test box on my desk. I personally haven't bothered much with
> tcpwrappers/access control, etc cos the box is on my desk and not connected
> to the internet, only accessible to me and anyone on our internal network.
>
> I did look at the FAQ the other day for another reason (setting up a CVS
> pserver) and noticed something about wrappers. Here's what it has to say:
>
> Q. Does xinetd support libwrap (tcpwrappers)?
> A. Yes. xinetd can be compiled with libwrap support by passing
> --with-libwrap as an option to the configure script. When xinetd is
> compiled with libwrap support, all services can use the /etc/host.allow and
> /etc/host.deny access control. xinetd can also be configured to use tcpd in
> the traditional inetd style. This requires the use of the NAMEINARGS flag,
> and the name of the real daemon be passed in as server_args. Here is an
> example for using telnet with tcpd:
>
> service telnet
> {
>          flags       = REUSE NAMEINARGS
>          protocol    = tcp
>          socket_type = stream
>          wait        = no
>          user        = telnetd
>          server      = /usr/sbin/tcpd
>          server_args = /usr/sbin/in.telnetd
> }
>
> Hope that helps..
>
> Paul
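
An added example, not part of the original thread: a small Python audit of xinetd service blocks that reports which access-control path each service takes (built-in libwrap, the NOLIBWRAP opt-out, or tcpd with NAMEINARGS). It assumes xinetd was built with libwrap, as the reply says of Red Hat 7.1; the sample configuration, the function names and the pop3/ftp entries are constructed for illustration.

```python
# Constructed sample in /etc/xinetd.d style (not taken from a real host).
SAMPLE = """
service finger
{
    server  = /usr/sbin/in.fingerd
    flags   = NOLIBWRAP
}
service telnet
{
    flags       = REUSE NAMEINARGS
    server      = /usr/sbin/tcpd
    server_args = /usr/sbin/in.telnetd
}
service pop3
{
    server  = /usr/sbin/ipop3d
}
service ftp
{
    disable = yes
}
"""

def parse_services(text):
    """Return {service: {attribute: [values]}}; handles '=' and '+=' only."""
    services, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("service "):
            current = services.setdefault(line.split()[1], {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            current.setdefault(key.rstrip("+ \t"), []).extend(value.split())
    return services

def wrapper_status(attrs):
    """Classify access control, assuming xinetd itself was built with libwrap."""
    if "yes" in attrs.get("disable", []):
        return "disabled"
    flags = {f.upper() for f in attrs.get("flags", [])}
    if attrs.get("server", [""])[0].endswith("/tcpd"):
        # tcpd needs the real daemon in server_args plus NAMEINARGS.
        ok = "NAMEINARGS" in flags and attrs.get("server_args")
        return "tcpd" if ok else "tcpd-misconfigured"
    return "unwrapped" if "NOLIBWRAP" in flags else "libwrap"

def audit(text):
    return {name: wrapper_status(a) for name, a in parse_services(text).items()}
```

Services reported as "unwrapped" are the ones that hosts.allow and hosts.deny will not protect; flags inherited from a defaults section are not considered here.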




