From 6d908a38e05b9d4135c65d23114a5874215b5bb8 Mon Sep 17 00:00:00 2001
From: Lukc
Date: Sat, 11 Dec 2010 19:15:23 +0100
Subject: Engagement initial.
---
tcp_wrappers/.footprint | 34 +++++++++++++++++++++++++++++++
tcp_wrappers/.md5sum | 6 ++++++
tcp_wrappers/Pkgfile | 44 +++++++++++++++++++++++++++++++++++++++
tcp_wrappers/Pkgfile.old | 51 ++++++++++++++++++++++++++++++++++++++++++++++
tcp_wrappers/hosts.allow | 7 +++++++
tcp_wrappers/hosts.deny | 7 +++++++
tcp_wrappers/safe_finger.8 | 34 +++++++++++++++++++++++++++++++
tcp_wrappers/try-from.8 | 28 +++++++++++++++++++++++++
8 files changed, 211 insertions(+)
create mode 100644 tcp_wrappers/.footprint
create mode 100644 tcp_wrappers/.md5sum
create mode 100644 tcp_wrappers/Pkgfile
create mode 100644 tcp_wrappers/Pkgfile.old
create mode 100644 tcp_wrappers/hosts.allow
create mode 100644 tcp_wrappers/hosts.deny
create mode 100644 tcp_wrappers/safe_finger.8
create mode 100644 tcp_wrappers/try-from.8
(limited to 'tcp_wrappers')
diff --git a/tcp_wrappers/.footprint b/tcp_wrappers/.footprint
new file mode 100644
index 0000000..2b04002
--- /dev/null
+++ b/tcp_wrappers/.footprint
@@ -0,0 +1,34 @@
+drwxr-xr-x root/root etc/
+-rw-r--r-- root/root etc/hosts.allow
+-rw-r--r-- root/root etc/hosts.deny
+drwxr-xr-x root/root usr/
+drwxr-xr-x root/root usr/include/
+-rw-r--r-- root/root usr/include/tcpd.h
+drwxr-xr-x root/root usr/lib/
+-rw-r--r-- root/root usr/lib/libwrap.a
+lrwxrwxrwx root/root usr/lib/libwrap.so -> libwrap.so.0.7.6
+lrwxrwxrwx root/root usr/lib/libwrap.so.0 -> libwrap.so.0.7.6
+-rwxr-xr-x root/root usr/lib/libwrap.so.0.7.6
+drwxr-xr-x root/root usr/man/
+drwxr-xr-x root/root usr/man/man3/
+-rw-r--r-- root/root usr/man/man3/hosts_access.3.gz
+lrwxrwxrwx root/root usr/man/man3/hosts_ctl.3.gz -> hosts_access.3.gz
+lrwxrwxrwx root/root usr/man/man3/request_init.3.gz -> hosts_access.3.gz
+lrwxrwxrwx root/root usr/man/man3/request_set.3.gz -> hosts_access.3.gz
+drwxr-xr-x root/root usr/man/man5/
+lrwxrwxrwx root/root usr/man/man5/host.allow.5.gz -> hosts_access.5.gz
+lrwxrwxrwx root/root usr/man/man5/host.deny.5.gz -> hosts_access.5.gz
+-rw-r--r-- root/root usr/man/man5/hosts_access.5.gz
+-rw-r--r-- root/root usr/man/man5/hosts_options.5.gz
+drwxr-xr-x root/root usr/man/man8/
+-rw-r--r-- root/root usr/man/man8/safe_finger.8.gz
+-rw-r--r-- root/root usr/man/man8/tcpd.8.gz
+-rw-r--r-- root/root usr/man/man8/tcpdchk.8.gz
+-rw-r--r-- root/root usr/man/man8/tcpdmatch.8.gz
+-rw-r--r-- root/root usr/man/man8/try-from.8.gz
+drwxr-xr-x root/root usr/sbin/
+-rwxr-xr-x root/root usr/sbin/safe_finger
+-rwxr-xr-x root/root usr/sbin/tcpd
+-rwxr-xr-x root/root usr/sbin/tcpdchk
+-rwxr-xr-x root/root usr/sbin/tcpdmatch
+-rwxr-xr-x root/root usr/sbin/try-from
diff --git a/tcp_wrappers/.md5sum b/tcp_wrappers/.md5sum
new file mode 100644
index 0000000..3ec7215
--- /dev/null
+++ b/tcp_wrappers/.md5sum
@@ -0,0 +1,6 @@
+9eaab7733be201959fe72d66fc9791d9 hosts.allow
+a0ee30f6aeaca241c4d44f7c177eca6b hosts.deny
+1a6d7b11abb1fd69ace775d02a1c72cf safe_finger.8
+e40c4f8f90c274af23a38a698b6d1695 tcp-wrappers-7.6-patches-1.0.tar.bz2
+e6fa25f71226d090f34de3f6b122fb5a tcp_wrappers_7.6.tar.gz
+4a8f40f9a69f0848df92b232072e8561 try-from.8
diff --git a/tcp_wrappers/Pkgfile b/tcp_wrappers/Pkgfile
new file mode 100644
index 0000000..c209725
--- /dev/null
+++ b/tcp_wrappers/Pkgfile
@@ -0,0 +1,44 @@
+description="Monitors and Controls incoming TCP connections"
+packager=""
+maintainer="CRUX System Team, core-ports at crux dot nu"
+url="ftp://ftp.porcupine.org/pub/security/index.html"
+depends=()
+
+name=tcp_wrappers
+version=7.6
+release=10
+source=(ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz ftp://ftp.uni-frankfurt.de/pub/Mirrors/gentoo.org/distfiles/tcp-wrappers-7.6-patches-1.0.tar.bz2 hosts.allow hosts.deny try-from.8 safe_finger.8)
+build ()
+{
+ cd ${name}_${version};
+ patch -p1 -i $SRC/$version/tcp-wrappers-$version-makefile.patch;
+ patch -p1 -i $SRC/$version/generic/01_all_redhat-bug11881.patch;
+ patch -p0 -i $SRC/$version/generic/02_all_redhat-bug17795.patch;
+ patch -p0 -i $SRC/$version/generic/03_all_wildcard.patch;
+ patch -p1 -i $SRC/$version/generic/04_all_fixgethostbyname.patch;
+ patch -p1 -i $SRC/$version/generic/07_all_sig.patch;
+ patch -p1 -i $SRC/$version/generic/08_all_strerror.patch;
+ patch -p1 -i $SRC/$version/generic/09_all_gcc-3.4.patch;
+ patch -p1 -i $SRC/$version/generic/10_all_more-headers.patch;
+ patch -p1 -i $SRC/$version/tcp-wrappers-$version-shared.patch;
+ patch -p2 -i $SRC/$version/tcp-wrappers-$version-ipv6-1.14.diff;
+ export GENTOO_OPT="-DHAVE_WEAKSYMS -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len";
+ export RANLIB=ranlib;
+ export MAJOR=0 MINOR=${version:0:1} REL=${version:2:3};
+ make config-check;
+ make linux;
+ install -d $PKG/{etc,usr/{sbin,lib,include,man/{man3,man5,man8}}};
+ install -m 0755 safe_finger tcpd tcpdchk tcpdmatch try-from $PKG/usr/sbin;
+ install -m 0644 tcpd.h $PKG/usr/include;
+ install -m 0644 libwrap.a $PKG/usr/lib;
+ cp --no-dereference --preserve=links libwrap.so* $PKG/usr/lib;
+ install -m 0644 *.3 $PKG/usr/man/man3;
+ install -m 0644 *.5 $PKG/usr/man/man5;
+ install -m 0644 $SRC/*.8 *.8 $PKG/usr/man/man8;
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/hosts_ctl.3.gz;
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/request_init.3.gz;
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/request_set.3.gz;
+ ln -s hosts_access.5.gz $PKG/usr/man/man5/host.allow.5.gz;
+ ln -s hosts_access.5.gz $PKG/usr/man/man5/host.deny.5.gz;
+ install -m 0644 $SRC/hosts.{deny,allow} $PKG/etc
+}
diff --git a/tcp_wrappers/Pkgfile.old b/tcp_wrappers/Pkgfile.old
new file mode 100644
index 0000000..6b65711
--- /dev/null
+++ b/tcp_wrappers/Pkgfile.old
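Review bot: In tcp_wrappers/Pkgfile the `source=(...)` array fetches both the upstream tarball and the third-party patch set over plain `ftp://`, and the only integrity data in this commit is the MD5 list in `.md5sum`; MD5 is not collision-resistant, so it detects a corrupted download but is weak evidence that the archive is the one the packager reviewed, which matters for a package that gates network access. If the ports tool supports a stronger digest or a signature check (not visible here), record one; at minimum add a comment above the array such as `# fetched over unauthenticated FTP; integrity rests on .md5sum only`. Separately, every `$SRC`, `$PKG` and `${name}_${version}` expansion in `build ()` is unquoted, so a work directory containing whitespace would split the arguments to `patch` and `install`; write them as `cd "${name}_${version}"` and `patch -p1 -i "$SRC/$version/tcp-wrappers-$version-makefile.patch"`. Both points apply equally to the identical recipe in tcp_wrappers/Pkgfile.old.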
@@ -0,0 +1,51 @@
+# Description: Monitors and Controls incoming TCP connections
+# URL: ftp://ftp.porcupine.org/pub/security/index.html
+# Maintainer: CRUX System Team, core-ports at crux dot nu
+
+name=tcp_wrappers
+version=7.6
+release=10
+source=(ftp://ftp.porcupine.org/pub/security/${name}_${version}.tar.gz
+ ftp://ftp.uni-frankfurt.de/pub/Mirrors/gentoo.org/distfiles/tcp-wrappers-$version-patches-1.0.tar.bz2
+ hosts.allow hosts.deny try-from.8 safe_finger.8)
+
+build() {
+ cd ${name}_${version}
+
+ patch -p1 -i $SRC/$version/tcp-wrappers-$version-makefile.patch
+ patch -p1 -i $SRC/$version/generic/01_all_redhat-bug11881.patch
+ patch -p0 -i $SRC/$version/generic/02_all_redhat-bug17795.patch
+ patch -p0 -i $SRC/$version/generic/03_all_wildcard.patch
+ patch -p1 -i $SRC/$version/generic/04_all_fixgethostbyname.patch
+ patch -p1 -i $SRC/$version/generic/07_all_sig.patch
+ patch -p1 -i $SRC/$version/generic/08_all_strerror.patch
+ patch -p1 -i $SRC/$version/generic/09_all_gcc-3.4.patch
+ patch -p1 -i $SRC/$version/generic/10_all_more-headers.patch
+ patch -p1 -i $SRC/$version/tcp-wrappers-$version-shared.patch
+ patch -p2 -i $SRC/$version/tcp-wrappers-$version-ipv6-1.14.diff
+
+
+ export GENTOO_OPT="-DHAVE_WEAKSYMS -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len"
+ export RANLIB=ranlib
+ export MAJOR=0 MINOR=${version:0:1} REL=${version:2:3}
+ make config-check
+ make linux
+
+ install -d $PKG/{etc,usr/{sbin,lib,include,man/{man3,man5,man8}}}
+
+ install -m 0755 safe_finger tcpd tcpdchk tcpdmatch try-from $PKG/usr/sbin
+ install -m 0644 tcpd.h $PKG/usr/include
+ install -m 0644 libwrap.a $PKG/usr/lib
+ cp --no-dereference --preserve=links libwrap.so* $PKG/usr/lib
+
+ install -m 0644 *.3 $PKG/usr/man/man3
+ install -m 0644 *.5 $PKG/usr/man/man5
+ install -m 0644 $SRC/*.8 *.8 $PKG/usr/man/man8
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/hosts_ctl.3.gz
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/request_init.3.gz
+ ln -s hosts_access.3.gz $PKG/usr/man/man3/request_set.3.gz
+ ln -s hosts_access.5.gz $PKG/usr/man/man5/host.allow.5.gz
+ ln -s hosts_access.5.gz $PKG/usr/man/man5/host.deny.5.gz
+
+ install -m 0644 $SRC/hosts.{deny,allow} $PKG/etc
+}
diff --git a/tcp_wrappers/hosts.allow b/tcp_wrappers/hosts.allow
new file mode 100644
index 0000000..aff4117
--- /dev/null
+++ b/tcp_wrappers/hosts.allow
@@ -0,0 +1,7 @@
+#
+# /etc/hosts.allow
+#
+
+# :
+
+# End of file
diff --git a/tcp_wrappers/hosts.deny b/tcp_wrappers/hosts.deny
new file mode 100644
index 0000000..efcce18
--- /dev/null
+++ b/tcp_wrappers/hosts.deny
@@ -0,0 +1,7 @@
+#
+# /etc/hosts.deny
+#
+
+ALL: ALL: DENY
+
+# End of file
diff --git a/tcp_wrappers/safe_finger.8 b/tcp_wrappers/safe_finger.8
new file mode 100644
index 0000000..875616b
--- /dev/null
+++ b/tcp_wrappers/safe_finger.8
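Review bot: In tcp_wrappers/hosts.deny the rule `ALL: ALL: DENY` depends on the third field being parsed as a hosts_options(5) keyword; in the plain hosts_access(5) grammar that field is a shell command, and whether this build enables the options syntax is decided by the makefile patch, which is not visible in this commit. `ALL: ALL` denies the same connections under either grammar and would be the safer line to ship. Together with the shipped hosts.allow, which contains only comments, this default refuses every client, local ones included, for any libwrap-linked daemon, so a short comment above the rule such as `# default deny; add exceptions to /etc/hosts.allow` would spare administrators an unexpected lockout.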
@@ -0,0 +1,34 @@
+.TH SAFE_FINGER 8 "21th June 1997" Linux "Linux Programmer's Manual"
+.SH NAME
+safe_finger \- finger client wrapper that protects against nasty stuff
+from finger servers
+.SH SYNOPSIS
+.B safe_finger [finger_options]
+.SH DESCRIPTION
+The
+.B safe_finger
+command protects against nasty stuff from finger servers. Use this
+program for automatic reverse finger probes from the
+.B tcp_wrapper
+.B (tcpd)
+, not the raw finger command. The
+.B safe_finger
+command makes sure that the finger client is not run with root
+privileges. It also runs the finger client with a defined PATH
+environment.
+.B safe_finger
+will also protect you from problems caused by the output of some
+finger servers. The problem: some programs may react to stuff in
+the first column. Other programs may get upset by thrash anywhere
+on a line. File systems may fill up as the finger server keeps
+sending data. Text editors may bomb out on extremely long lines.
+The finger server may take forever because it is somehow wedged.
+.B safe_finger
+takes care of all this badness.
+.SH SEE ALSO
+.BR hosts_access (5),
+.BR hosts_options (5),
+.BR tcpd (8)
+.SH AUTHOR
+Wietse Venema, Eindhoven University of Technology, The Netherlands.
+
diff --git a/tcp_wrappers/try-from.8 b/tcp_wrappers/try-from.8
new file mode 100644
index 0000000..9c8f305
--- /dev/null
+++ b/tcp_wrappers/try-from.8
@@ -0,0 +1,28 @@
+.TH TRY-FROM 8 "21th June 1997" Linux "Linux Programmer's Manual"
+.SH NAME
+try-from \- test program for the tcp_wrapper
+.SH SYNOPSIS
+.B try-from
+.SH DESCRIPTION
+The
+.B try-from
+command can be called via a remote shell command to find out
+if the hostname and address are properly recognized
+by the
+.B tcp_wrapper
+library, if username lookup works, and (SysV only) if the TLI
+on top of IP heuristics work. Diagnostics are reported through
+.BR syslog (3)
+and redirected to stderr.
+
+Example:
+
+rsh host /some/where/try-from
+
+.SH SEE ALSO
+.BR hosts_access (5),
+.BR hosts_options (5),
+.BR tcpd (8)
+.SH AUTHOR
+Wietse Venema, Eindhoven University of Technology, The Netherlands.
+
-- cgit v1.2.3-54-g00ecf