1136-1138.html

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<HTML>
<HEAD>
<TITLE>Linux Complete Command Reference:File Formats:EarthWeb Inc.-</TITLE>
</HEAD>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->


<!-- ISBN=0672311046 //-->
<!-- TITLE=Linux Complete Command Reference//-->
<!-- AUTHOR=Red Hat//-->
<!-- PUBLISHER=Macmillan Computer Publishing//-->
<!-- IMPRINT=Sams//-->
<!-- CHAPTER=05 //-->
<!-- PAGES=1103-1208 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->

<P><CENTER>
<a href="1135-1135.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="1139-1140.html">Next</A></CENTER></P>



<A NAME="PAGENUM-1136"><P>Page 1136</P></A>


<P>The default policy (access granted) makes the allow file redundant so that it can be omitted. The explicitly
non-authorized hosts are listed in the deny file:
</P>

<!-- CODE SNIP //-->
<PRE>
/etc/hosts.deny:

ALL: some.host.name, .some.domain
ALL EXCEPT in.fingerd: other.host.name, .other.domain
</PRE>
<!-- END CODE SNIP //-->

<P>The first rule denies some hosts all services; the second rule still permits finger requests from other hosts.
</P>

<P><B>
BOOBY TRAPS
</B></P>

<P>The next example permits tftp requests from hosts in the local domain. Requests from any other hosts are denied. Instead
of the requested file, a finger probe is sent to the offending host. The result is mailed to the superuser.
</P>

<!-- CODE //-->
<PRE>
/etc/hosts.allow:

in.tftpd: LOCAL, .my.domain /etc/hosts.deny:
in.tftpd: ALL: (/some/where/safe_finger -l @%h | \
/usr/ucb/mail -s %d-%h root) &amp;
</PRE>
<!-- END CODE //-->

<P>The safe_finger command comes with the tcpd wrapper and should be installed in a suitable place. It limits possible
damage from data sent by the remote finger server. It gives better protection than the standard finger command.
</P>

<P>The expansion of the %h (remote host) and %d (service name) sequences is described in the section on shell commands.
</P>

<P>Warning: Do not booby-trap your finger daemon, unless you are prepared for infinite finger loops.
</P>

<P>On network firewall systems, this trick can be carried even further. The typical network firewall only provides a limited set
of services to the outer world. All other services can be &quot;bugged&quot; just like the preceding
tftp example. The result is an excellent early-warning system.
</P>

<P><B>
DIAGNOSTICS
</B></P>

<P>An error is reported when a syntax error is found in a host access control rule, when the length of an access control
rule exceeds the capacity of an internal buffer, when an access control rule is not terminated by a newline character, when
the result of %&lt;character&gt; expansion would overflow an internal buffer, and when a system call fails that shouldn't. All
problems are reported via the syslog daemon.
</P>

<P><B>
FILES
</B></P>

<P>/etc/hosts.allow, (daemon,client) pairs that are granted access.
</P>

<P>/etc/hosts.deny, (daemon,client) pairs that are denied access.
</P>

<P><B>
SEE ALSO
</B></P>

<P>tcpd(8), TCP/IP daemon wrapper program
</P>

<P><B>
BUGS
</B></P>

<P>If a nameserver lookup times out, the hostname will not be available to the access control software, even though the host
is registered.
</P>

<P>Domain nameserver lookups are case insensitive; NIS (formerly YP) netgroup lookups are case sensitive.
</P>

<P><B>
AUTHOR
</B></P>

<P>Wietse Venema (wietse@wzv.win.tue.nl), Department of Mathematics and Computing Science, Eindhoven University
of Technology, Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands.
</P>

<A NAME="PAGENUM-1137"><P>Page 1137</P></A>



<H3><A NAME="ch05_ 23">
hosts_options
</A></H3>

<P>hosts_options&#151;Host access control language extensions.
</P>

<P><B>
DESCRIPTION
</B></P>

<P>This document describes optional extensions to the language described in the
hosts_access(5) document. The extensions are enabled at program build time by editing the makefile.
</P>

<P>The extensible language uses the following format:
</P>

<!-- CODE SNIP //-->
<PRE>
daemon_list : client_list : option : option ...
</PRE>
<!-- END CODE SNIP //-->

<P>The first two fields are described in the
hosts_access(5) manual page. The remainder of the rules is a list of zero or
more options. Any : characters within options should be protected with a backslash.
</P>
<P>An option is of the form keyword or keyword =
value. Options are processed in the specified order. With some options,
the value is subjected to %&lt;character&gt; substitutions.
</P>

<P><B>
OPTIONS
</B></P>

<TABLE>

<TR><TD>
severity = mail.info
</TD><TD>
Change the severity level at which the event will be logged. Facility names (such
as mail) are optional and are not supported on systems with older
syslog implementations. The severity option can be used to emphasize or to completely ignore
specific events.
</TD></TR><TR><TD>
allow (deny)
</TD><TD>
Grant (deny) service, even when the matched rule was found in the
hosts.deny (hosts.allow) file. These options must appear at the end of a rule.
</TD></TR></TABLE>

<P>With the allow and deny keywords, it is possible to keep all access control rules within a single file&#151;for example, in
the hosts.allow file:
</P>

<!-- CODE SNIP //-->
<PRE>
ALL: .friendly.domain: allow
ALL: ALL: deny
</PRE>
<!-- END CODE SNIP //-->

<P>This permits access from specific hosts only. On the other hand,
</P>

<!-- CODE SNIP //-->
<PRE>
ALL: .trouble.makers: deny
ALL: ALL: allow
</PRE>
<!-- END CODE SNIP //-->

<P>This permits access from all hosts except a few troublemakers.
</P>

<TABLE>

<TR><TD>
twist = shell_command
</TD><TD>
Replace the current process by an instance of
the specified shell command, after performing the
%&lt;character&gt; expansions described in the
hosts_access(5) manual page. stdin, stdout, and
stderr are connected to the remote client process. This option must appear at the end of a
rule. Examples:
</TD></TR><TR><TD>
in.ftpd : ... : twist = /bin/echo 421
</TD><TD>
Some bounce message sends a customized
bounce message to the remote client instead of running
the real FTP daemon.
</TD></TR><TR><TD>
in.telnetd : ... : twist = PATH=/some/other; exec
in.telnetd
</TD><TD>
Runs /some/other/in.telnetd without polluting
its command-line array or its process environment.
</TD></TR><TR><TD>
</TD><TD>
Warning: In case of UDP services, do not twist
into commands that use the standard I/O or the
read(2)/write(2) routines to communicate with the client process; UDP requires other I/O primitives.
</TD></TR><TR><TD>
spawn = shell_command
</TD><TD>
Execute the shell command in a child process,
after performing the %&lt;character&gt; expansions
described in the hosts_access(5) manual page. The
command
</TD></TR></TABLE>

<A NAME="PAGENUM-1138"><P>Page 1138</P></A>


<TABLE>

<TR><TD>
</TD><TD>
is executed with stdin, stdout, and stderr connected to the null device so that it won't
mess up the conversation with the remote host. Example:
</TD></TR><TR><TD>
spawn = (/some/where/safe_finger -l @%h | /usr/ucb/mail root)
&amp; 
</TD><TD>
Executes, in a background child process, the
shell command safe_finger -l @%h | mail root after replacing
%h by the name or address of the remote host.
</TD></TR><TR><TD>
</TD><TD>
The example uses the safe_finger command instead of the regular
finger command to limit possible damage from data sent by the finger
server. The safe_finger command is part of the
daemon wrapper package; it is a wrapper around the
regular finger command that filters the data sent by
the remote host.
</TD></TR><TR><TD>
umask = 022
</TD><TD>
Like the umask command that is built into the
shell. An umask of 022 prevents the creation of files
with group and world write permission. The umask argument should be an octal number.
</TD></TR><TR><TD>
keepalive
</TD><TD>
Causes the server to periodically send a message
to the client. The connection is considered broken when the client does not respond. The
keepalive option can be useful when users turn off
their machine while it is still connected to a server.
The keepalive option is not useful for datagram
(UDP) services.
</TD></TR><TR><TD>
linger = number_of_seconds
</TD><TD>
Specifies how long the kernel will try to deliver
not-yet delivered data after the server process closes
a connection.
</TD></TR><TR><TD>
nice = niceval
</TD><TD>
</TD></TR><TR><TD>
nice (no argument)
</TD><TD>
Change the nice value of the process (default
10). Specify a positive value to spend more CPU resources on other processes.
</TD></TR><TR><TD>
user = nobody
</TD><TD>
Assume the privileges of the
nobody account. This is useful with inetd implementations that run
all services with root privilege. It is good practice
to run services such as finger at a reduced
privilege level.
</TD></TR><TR><TD>
group = tty
</TD><TD>
Assume the privileges of the
tty group. This is useful mostly in combination with the
user option. In order to switch both user and group IDs,
switch group ID before switching user ID.
</TD></TR><TR><TD>
setenv = name value
</TD><TD>
Place a (name, value) pair into the process
environment. The value is subjected to
%&lt;character&gt; expansions and may contain whitespace
(but leading and trailing blanks are stripped off).
</TD></TR><TR><TD>
</TD><TD>
Warning: Many network daemons reset their environment before spawning a login or
shell process.
</TD></TR></TABLE>



<P><CENTER>
<a href="1135-1135.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="1139-1140.html">Next</A></CENTER></P>



</td>
</tr>
</table>
<!-- begin footer information -->




</body></html>