tcpwrappers.html

黑客培训教程

<HTML>
<HEAD>
<title>TCP Wrappers Disclosed</title>
<STYLE type=text/css>A:active {
	TEXT-DECORATION: none
}
A:hover {
	TEXT-DECORATION: underline
}
A:link {
	TEXT-DECORATION: none
}
A:visited {
	TEXT-DECORATION: none
}
</STYLE>

</HEAD>
<BODY aLink=#ccff00 bgColor=#000000 leftMargin=20 link=#99ccff text=#cccccc 
topMargin=3 vLink=#cc99ff marginwidth="0" marginheight="0">
<table width="680" border="0" cellspacing="2" cellpadding="2" align="center">
  <tr> 
    <td width="693"> 
      <pre>
                        :::::::::   ::::::::  :::::::::  :::::::::: 
                        :+:    :+: :+:    :+: :+:    :+: :+:        
                        +:+    +:+ +:+        +:+    +:+ +:+        
                        +#++:++#+  +#++:++#++ +#++:++#:  :#::+::#   
                        +#+    +#+        +#+ +#+    +#+ +#+        
                        #+#    #+# #+#    #+# #+#    #+# #+#        
                        #########   ########  ###    ### ###  
                         
              	             <a href="http://blacksun.box.sk">http://blacksun.box.sk</a> 
                            
                           _____________________________
    ______________________I       <b>   Topic:</b>            I_____________________
   \                      I                            I                    /
    \     HTML by:        I        <b>TCP Wrappers</b>        I   Written by:     /
    >                     I         <b>Disclosed</b>          I                  < 
   /      <a href="mailto:rammal81@hotmail.com">Mikkkeee</a>        I____________________________I   <a href="mailto:rammal81@hotmail.com">Mikkkeee</a>        \
  /__________________________>                    <_________________________\</pre>
    </td>
  </tr>
</table><br>
   

<BR>

<P>1-<A HREF="#basic intro">Basic Introduction to TCP Wrappers</A>
<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT>        <A HREF="#logging">Logging</A>
<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#999999">=</FONT>        <A HREF="#links">Finding
TCP Wrappers(links)</A>

<P>2-C<A HREF="#config/setting">onfigure/setting up TCP Wrappers</A>
<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT><A HREF="#inetd.conf">Configure
the inetd.conf file</A>
<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT><A HREF="#hosts.allow">hosts.allow</A>
<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT><A HREF="#hosts.deny">hosts.deny</A>
<BR><FONT COLOR="#FF0000">-</FONT><FONT COLOR="#808080">=</FONT><A HREF="#variables">Optional
variables for shells commands</A>

<P>3-<A HREF="#conclusion">Conclusion</A>
<p>4-<A HREF="#shoutz">Greetz</a>

<P>Well here is another guide on a topic not covered by many tutorial writers.
This guide is somewhat intermediate so many concepts won't be discussed
cause they have been covered in other articles. You can always check
<a href="http://blacksun.box.sk">http://blacksun.box.sk</a> for the concepts not covered here.

<P>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<BR><A NAME="basic intro"></A>1-Basic Introduction to TCP Wrappers
<BR>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

<P>Many of you guys reading this tutorial are not old enough to remember
the development of the TCP/IP protocols many years ago in the plan to help
join the variety of networks connected to the first Internet. Those first
systems to implement the TCP/IP protocols were government sites and academic
sites run by scientists, academics and government individuals. During the
early days, the need for security was nothing like the need we have today.
The User Datagram Protocol (UDP), Transmission Control Protocol (TCP) and
the Internet Protocol (IP) were all created with security as the least
important aspect in mind. The utilities that were developed later
like Telnet and FTP share the same faulty security, ie, both utilities
enforce "security" by making the user input a username and password that
is valid on the remote system. This security is faulty because both the
username/password are sent on the network as clear text and anyone with
little experience can sniff the user/pass with great ease. As advancements
in technology and TCP/IP progressed, TCP/IP became the most popular protocol
when it was implemented on Novell Netware and the UNIX operating system.
As the Internet came into our homes, the default network protocol package
has become adopted on all major computers and software vendors.
<BR>&nbsp;With this sudden surge in technology there is always the little
thing called "security" that has to be satisfied. Now there are many different
products that can be used by an admin to enhance his network security,
hence the idea of a firewall and its components, one of them is " TCP wrappers."&nbsp;
Dealing with constant hacker attacks against his University's computers,
<a href="mailto:wietse@wzv.win.tue.nl">Wietse Venema</a> from Eindhoven University of Technology was the first person
to develop TCP wrappers. So now you ask what are they? Well TCP Wrappers
restrict which networks services can be used and which hosts are going
to be allowed to use these services. TCP Wrappers can be configured to
handle many of the basic netowrk services found our on your unix box, ie,&nbsp;
Finger, FTP, Telnet, Rlogin,TFTP and the list goes on and on. Well
we have to answer what do these services share in common, well if you haven't
noticed they all share a one-to-one mapping between the service name and
the executable program that provides the service, so that sets us up on
the intro, on to how TCP wrappers work.
<p>-=-=-=-=-=
<br><A NAME="logging"></A>Logging
<br>-=-=-=-=-=<br>
<BR>On a linux box, when the inetd daemon gets a network request, it first
determines which service to startup based on the port number the service
runs from. In the file /etc/services a mapping of port numbers to
service names can be found. After inetd has processed which service to
start up, it then reads inetd.conf to know what program it should run to
answer the network request. Now for the TCP Wrappers Daemon (tcpd)
to make access/deny control decisions and to perform its duties of logging,
you must first edit the inetd.conf file to specify that the tcpd runs instead
of the executable that normally satisfies the service request. tcpd
performs its job by allowing the host that is making the request to use
the service, if allowed tcpd starts the executable for that specific service,
so in all TCP wrappers really work by putting itself between inetd and
the network service requested.
<BR>In the last paragraph i mentioned something about the logging ability
of TCP wrapper, well that will be explained here. TCP Wrappers allow you
to log who is using the service on your box so you can trace and halt any
suspicious activity waiting. Logging information is sent to the syslogd,
which also provides the core logging facility for the unix box. To tell
syslogd what to do with these log enteries, you can control what is done
by editing the /etc/syslog.conf file. Setup on default, TCP wrappers
sends its logging info to the same place as the transaction logs of the
sendmail daemon, so syslogd can log info to one or more files, either the
system or user console.
<BR>Since I am guessing your an intermediate linux user, you might have
already come across TCP wrappers before as part of your linux/unix package.
TCP Wrappers usually come in .c code so you have to compile it, you
should be familiar with compiling code on your box. TCP wrappers are very
popular among security people and paranoid hackers so first check your
linux package cause you might already have one and if you don't here are
some links.<br><p>
-=-=-=-=-=<br>
<A NAME="links"></A>Links<br>-=-=-=-=-=

<P><a href="ftp://ftp.porcupine.org/pub/security/index.html">ftp://ftp.porcupine.org/pub/security/index.html</a> * get everything at this page!
<BR>Here are some more significant links if you wish to learn more about the tcp wrapper package!<br>
<a href="ftp://cert.org:/pub/tools/tcp_wrappers/tcp_wrappers.*">ftp://cert.org:/pub/tools/tcp_wrappers/tcp_wrappers.*</a>
<br>
<a href="ftp.win.tue.nl:/pub/security/long_tcp.shar.Z">ftp.win.tue.nl:/pub/security/long_tcp.shar.Z</a>
<br>
<a href="http://packetstorm.securify.com">http://packetstorm.securify.com</a>

<BR>

<P>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<BR>2-<A NAME="config/setting"></A>Configure/Setting up TCP Wrappers
<BR>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

<P>Now that you have found the TCP wrapper source code/compiled successfully
you will need to config/setup TCP wrappers. When you have the tcpd executable,
you now have to go to the second job, editing inetd.conf, hosts.allow,
and hosts.deny!

<P><A NAME="inetd.conf"></A>Configure the inetd.conf file
<BR>Lets configure the inetd daemon first!

<P>to edit this file at the prompt type the following
<BR>root@mike:~# pico /etc/inetd.conf
<BR>that will bring up the configuration file up in pico, here is a sample
of an entery that can be found in your inetd.conf file.
<BR>&nbsp;
<BR>&nbsp;

<PRE>
		              wait/nowait
			      if wait, inetd starts up a process for a 	
   	                      request then waits till done to start another 
			      request.  If nowait starts up a process and 
            stream	      doesn't wait till it starts another process, 
      dgram, or datagram      but simply goes and does the next.
	     \  	       \
     ftp   stream     tcp   nowait  root  /usr/sbin/wu.ftpd wu.fptd -l -i -o
       /                 \               \            \              \  
name of service         protocol        Uid either     \              \  
like telnet, finger     tcp or udp      root or another \              |
			defined in      user             \             |
			/etc/protocols           name of server        | 
			file                     program inetd         |
					         starts up             |