summaryrefslogtreecommitdiffstats
path: root/tcp_wrappers
diff options
context:
space:
mode:
authorLukc <lukc@upyum.com>2010-12-11 19:15:23 +0100
committerLukc <lukc@upyum.com>2010-12-11 19:15:35 +0100
commit6d908a38e05b9d4135c65d23114a5874215b5bb8 (patch)
treeb5e6da6d95b9a1235d82032b509b80483a886ff5 /tcp_wrappers
downloadbase-6d908a38e05b9d4135c65d23114a5874215b5bb8.tar.gz
base-6d908a38e05b9d4135c65d23114a5874215b5bb8.tar.bz2
base-6d908a38e05b9d4135c65d23114a5874215b5bb8.tar.xz
base-6d908a38e05b9d4135c65d23114a5874215b5bb8.zip
Engagement initial.
Diffstat (limited to 'tcp_wrappers')
-rw-r--r--tcp_wrappers/.footprint34
-rw-r--r--tcp_wrappers/.md5sum6
-rw-r--r--tcp_wrappers/Pkgfile44
-rw-r--r--tcp_wrappers/Pkgfile.old51
-rw-r--r--tcp_wrappers/hosts.allow7
-rw-r--r--tcp_wrappers/hosts.deny7
-rw-r--r--tcp_wrappers/safe_finger.834
-rw-r--r--tcp_wrappers/try-from.828
8 files changed, 211 insertions, 0 deletions
diff --git a/tcp_wrappers/.footprint b/tcp_wrappers/.footprint
new file mode 100644
index 0000000..2b04002
--- /dev/null
+++ b/tcp_wrappers/.footprint
@@ -0,0 +1,34 @@
+drwxr-xr-x root/root etc/
+-rw-r--r-- root/root etc/hosts.allow
+-rw-r--r-- root/root etc/hosts.deny
+drwxr-xr-x root/root usr/
+drwxr-xr-x root/root usr/include/
+-rw-r--r-- root/root usr/include/tcpd.h
+drwxr-xr-x root/root usr/lib/
+-rw-r--r-- root/root usr/lib/libwrap.a
+lrwxrwxrwx root/root usr/lib/libwrap.so -> libwrap.so.0.7.6
+lrwxrwxrwx root/root usr/lib/libwrap.so.0 -> libwrap.so.0.7.6
+-rwxr-xr-x root/root usr/lib/libwrap.so.0.7.6
+drwxr-xr-x root/root usr/man/
+drwxr-xr-x root/root usr/man/man3/
+-rw-r--r-- root/root usr/man/man3/hosts_access.3.gz
+lrwxrwxrwx root/root usr/man/man3/hosts_ctl.3.gz -> hosts_access.3.gz
+lrwxrwxrwx root/root usr/man/man3/request_init.3.gz -> hosts_access.3.gz
+lrwxrwxrwx root/root usr/man/man3/request_set.3.gz -> hosts_access.3.gz
+drwxr-xr-x root/root usr/man/man5/
+lrwxrwxrwx root/root usr/man/man5/host.allow.5.gz -> hosts_access.5.gz
+lrwxrwxrwx root/root usr/man/man5/host.deny.5.gz -> hosts_access.5.gz
+-rw-r--r-- root/root usr/man/man5/hosts_access.5.gz
+-rw-r--r-- root/root usr/man/man5/hosts_options.5.gz
+drwxr-xr-x root/root usr/man/man8/
+-rw-r--r-- root/root usr/man/man8/safe_finger.8.gz
+-rw-r--r-- root/root usr/man/man8/tcpd.8.gz
+-rw-r--r-- root/root usr/man/man8/tcpdchk.8.gz
+-rw-r--r-- root/root usr/man/man8/tcpdmatch.8.gz
+-rw-r--r-- root/root usr/man/man8/try-from.8.gz
+drwxr-xr-x root/root usr/sbin/
+-rwxr-xr-x root/root usr/sbin/safe_finger
+-rwxr-xr-x root/root usr/sbin/tcpd
+-rwxr-xr-x root/root usr/sbin/tcpdchk
+-rwxr-xr-x root/root usr/sbin/tcpdmatch
+-rwxr-xr-x root/root usr/sbin/try-from
diff --git a/tcp_wrappers/.md5sum b/tcp_wrappers/.md5sum
new file mode 100644
index 0000000..3ec7215
--- /dev/null
+++ b/tcp_wrappers/.md5sum
@@ -0,0 +1,6 @@
+9eaab7733be201959fe72d66fc9791d9 hosts.allow
+a0ee30f6aeaca241c4d44f7c177eca6b hosts.deny
+1a6d7b11abb1fd69ace775d02a1c72cf safe_finger.8
+e40c4f8f90c274af23a38a698b6d1695 tcp-wrappers-7.6-patches-1.0.tar.bz2
+e6fa25f71226d090f34de3f6b122fb5a tcp_wrappers_7.6.tar.gz
+4a8f40f9a69f0848df92b232072e8561 try-from.8
diff --git a/tcp_wrappers/Pkgfile b/tcp_wrappers/Pkgfile
new file mode 100644
index 0000000..c209725
--- /dev/null
+++ b/tcp_wrappers/Pkgfile
@@ -0,0 +1,44 @@
+description="Monitors and Controls incoming TCP connections"
+packager=""
+maintainer="CRUX System Team, core-ports at crux dot nu"
+url="ftp://ftp.porcupine.org/pub/security/index.html"
+depends=()
+
+name=tcp_wrappers
+version=7.6
+release=10
+source=(ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz ftp://ftp.uni-frankfurt.de/pub/Mirrors/gentoo.org/distfiles/tcp-wrappers-7.6-patches-1.0.tar.bz2 hosts.allow hosts.deny try-from.8 safe_finger.8)
+build ()
+{
+ cd ${name}_${version};
+ patch -p1 -i $SRC/$version/tcp-wrappers-$version-makefile.patch;
+ patch -p1 -i $SRC/$version/generic/01_all_redhat-bug11881.patch;
+ patch -p0 -i $SRC/$version/generic/02_all_redhat-bug17795.patch;
+ patch -p0 -i $SRC/$version/generic/03_all_wildcard.patch;
+ patch -p1 -i $SRC/$version/generic/04_all_fixgethostbyname.patch;
+ patch -p1 -i $SRC/$version/generic/07_all_sig.patch;
+ patch -p1 -i $SRC/$version/generic/08_all_strerror.patch;
+ patch -p1 -i $SRC/$version/generic/09_all_gcc-3.4.patch;
+ patch -p1 -i $SRC/$version/generic/10_all_more-headers.patch;
+ patch -p1 -i $SRC/$version/tcp-wrappers-$version-shared.patch;
+ patch -p2 -i $SRC/$version/tcp-wrappers-$version-ipv6-1.14.diff;
+ export GENTOO_OPT="-DHAVE_WEAKSYMS -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len";
+ export RANLIB=ranlib;
+ export MAJOR=0 MINOR=${version:0:1} REL=${version:2:3};
+ make config-check;
+ make linux;
+ install -d $PKG/{etc,usr/{sbin,lib,include,man/{man3,man5,man8}}};
+ install -m 0755 safe_finger tcpd tcpdchk tcpdmatch try-from $PKG/usr/sbin;
+ install -m 0644 tcpd.h $PKG/usr/include;
+ install -m 0644 libwrap.a $PKG/usr/lib;
+ cp --no-dereference --preserve=links libwrap.so* $PKG/usr/lib;
+ install -m 0644 *.3 $PKG/usr/man/man3;
+ install -m 0644 *.5 $PKG/usr/man/man5;
+ install -m 0644 $SRC/*.8 *.8 $PKG/usr/man/man8;
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/hosts_ctl.3.gz;
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/request_init.3.gz;
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/request_set.3.gz;
+ ln -s hosts_access.5.gz $PKG/usr/man/man5/host.allow.5.gz;
+ ln -s hosts_access.5.gz $PKG/usr/man/man5/host.deny.5.gz;
+ install -m 0644 $SRC/hosts.{deny,allow} $PKG/etc
+}
diff --git a/tcp_wrappers/Pkgfile.old b/tcp_wrappers/Pkgfile.old
new file mode 100644
index 0000000..6b65711
--- /dev/null
+++ b/tcp_wrappers/Pkgfile.old
@@ -0,0 +1,51 @@
+# Description: Monitors and Controls incoming TCP connections
+# URL: ftp://ftp.porcupine.org/pub/security/index.html
+# Maintainer: CRUX System Team, core-ports at crux dot nu
+
+name=tcp_wrappers
+version=7.6
+release=10
+source=(ftp://ftp.porcupine.org/pub/security/${name}_${version}.tar.gz
+ ftp://ftp.uni-frankfurt.de/pub/Mirrors/gentoo.org/distfiles/tcp-wrappers-$version-patches-1.0.tar.bz2
+ hosts.allow hosts.deny try-from.8 safe_finger.8)
+
+build() {
+ cd ${name}_${version}
+
+ patch -p1 -i $SRC/$version/tcp-wrappers-$version-makefile.patch
+ patch -p1 -i $SRC/$version/generic/01_all_redhat-bug11881.patch
+ patch -p0 -i $SRC/$version/generic/02_all_redhat-bug17795.patch
+ patch -p0 -i $SRC/$version/generic/03_all_wildcard.patch
+ patch -p1 -i $SRC/$version/generic/04_all_fixgethostbyname.patch
+ patch -p1 -i $SRC/$version/generic/07_all_sig.patch
+ patch -p1 -i $SRC/$version/generic/08_all_strerror.patch
+ patch -p1 -i $SRC/$version/generic/09_all_gcc-3.4.patch
+ patch -p1 -i $SRC/$version/generic/10_all_more-headers.patch
+ patch -p1 -i $SRC/$version/tcp-wrappers-$version-shared.patch
+ patch -p2 -i $SRC/$version/tcp-wrappers-$version-ipv6-1.14.diff
+
+
+ export GENTOO_OPT="-DHAVE_WEAKSYMS -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len"
+ export RANLIB=ranlib
+ export MAJOR=0 MINOR=${version:0:1} REL=${version:2:3}
+ make config-check
+ make linux
+
+ install -d $PKG/{etc,usr/{sbin,lib,include,man/{man3,man5,man8}}}
+
+ install -m 0755 safe_finger tcpd tcpdchk tcpdmatch try-from $PKG/usr/sbin
+ install -m 0644 tcpd.h $PKG/usr/include
+ install -m 0644 libwrap.a $PKG/usr/lib
+ cp --no-dereference --preserve=links libwrap.so* $PKG/usr/lib
+
+ install -m 0644 *.3 $PKG/usr/man/man3
+ install -m 0644 *.5 $PKG/usr/man/man5
+ install -m 0644 $SRC/*.8 *.8 $PKG/usr/man/man8
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/hosts_ctl.3.gz
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/request_init.3.gz
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/request_set.3.gz
+ ln -s hosts_access.5.gz $PKG/usr/man/man5/host.allow.5.gz
+ ln -s hosts_access.5.gz $PKG/usr/man/man5/host.deny.5.gz
+
+ install -m 0644 $SRC/hosts.{deny,allow} $PKG/etc
+}
diff --git a/tcp_wrappers/hosts.allow b/tcp_wrappers/hosts.allow
new file mode 100644
index 0000000..aff4117
--- /dev/null
+++ b/tcp_wrappers/hosts.allow
@@ -0,0 +1,7 @@
+#
+# /etc/hosts.allow
+#
+
+# <service>: <ip>
+
+# End of file
diff --git a/tcp_wrappers/hosts.deny b/tcp_wrappers/hosts.deny
new file mode 100644
index 0000000..efcce18
--- /dev/null
+++ b/tcp_wrappers/hosts.deny
@@ -0,0 +1,7 @@
+#
+# /etc/hosts.deny
+#
+
+ALL: ALL: DENY
+
+# End of file
diff --git a/tcp_wrappers/safe_finger.8 b/tcp_wrappers/safe_finger.8
new file mode 100644
index 0000000..875616b
--- /dev/null
+++ b/tcp_wrappers/safe_finger.8
@@ -0,0 +1,34 @@
+.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual"
+.SH NAME
+safe_finger \- finger client wrapper that protects against nasty stuff
+from finger servers
+.SH SYNOPSIS
+.B safe_finger [finger_options]
+.SH DESCRIPTION
+The
+.B safe_finger
+command protects against nasty stuff from finger servers. Use this
+program for automatic reverse finger probes from the
+.B tcp_wrapper
+.B (tcpd)
+, not the raw finger command. The
+.B safe_finger
+command makes sure that the finger client is not run with root
+privileges. It also runs the finger client with a defined PATH
+environment.
+.B safe_finger
+will also protect you from problems caused by the output of some
+finger servers. The problem: some programs may react to stuff in
+the first column. Other programs may get upset by thrash anywhere
+on a line. File systems may fill up as the finger server keeps
+sending data. Text editors may bomb out on extremely long lines.
+The finger server may take forever because it is somehow wedged.
+.B safe_finger
+takes care of all this badness.
+.SH SEE ALSO
+.BR hosts_access (5),
+.BR hosts_options (5),
+.BR tcpd (8)
+.SH AUTHOR
+Wietse Venema, Eindhoven University of Technology, The Netherlands.
+
diff --git a/tcp_wrappers/try-from.8 b/tcp_wrappers/try-from.8
new file mode 100644
index 0000000..9c8f305
--- /dev/null
+++ b/tcp_wrappers/try-from.8
@@ -0,0 +1,28 @@
+.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual"
+.SH NAME
+try-from \- test program for the tcp_wrapper
+.SH SYNOPSIS
+.B try-from
+.SH DESCRIPTION
+The
+.B try-from
+command can be called via a remote shell command to find out
+if the hostname and address are properly recognized
+by the
+.B tcp_wrapper
+library, if username lookup works, and (SysV only) if the TLI
+on top of IP heuristics work. Diagnostics are reported through
+.BR syslog (3)
+and redirected to stderr.
+
+Example:
+
+rsh host /some/where/try-from
+
+.SH SEE ALSO
+.BR hosts_access (5),
+.BR hosts_options (5),
+.BR tcpd (8)
+.SH AUTHOR
+Wietse Venema, Eindhoven University of Technology, The Netherlands.
+