TCP Wrappers Release Notes
What’s in This Version
TCP Wrapper Features
Chapter 18
• Client Username Lookups
tcpd provides information about the owner of the client-side TCP
connection using the RFC931 protocol. By default, client username
lookup is disabled. If it is enabled through the configuration file
/etc/tcpd.conf, tcpd assumes that the client host requesting the
service is running an RFC931-compliant daemon (such as IDENT).
• Setting Traps
This feature lets you trigger actions on the host in response to
attempted connections. For example, the following rule in
/etc/hosts.deny not only rejects the attempt, but also notifies the
system administrator whenever a remote site attempts to access
your TFTP server:
tftpd : ALL : spawn (/usr/bin/safe_finger -l @%h 2>&1 | \
mailx -s "remote tftp attempt" root)
• Banner Messages
This feature provides a mechanism to send a message to the client
when an ACL rule is fired. For example, the following rule in the
/etc/hosts.deny file sends the message contained in the telnetd file
in the /tmp/banner directory and denies access whenever a request
comes from any host whose address starts with '192.5.2.':
telnetd : 192.5.2. : banners /tmp/banner
The banners option sends the text to the client as is; it does not
add the service-specific characters that the service protocol
requires. To use the banners option successfully, the banners file
must contain the necessary protocol parameters in addition to the
actual text.
For example, in an ftpd service, each line in the banners file is not
automatically prefixed by the status code (220-) as defined in RFC
959 (FILE TRANSFER PROTOCOL). To send the following text to
the FTP client:
This is a Welcome text to demonstrate the banners
option in tcpd(1M).
HP recommends that you add the protocol-specific response code to
the text as follows:
220-This is a Welcome text to demonstrate the banners
220- option in tcpd(1M).
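The following shell helpers are an added example, not part of the
original release notes or of the TCP Wrappers product. They prefix
plain text with 220- for an ftpd banners file and report any line
that lacks the prefix. The function names and the sample text are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helpers for preparing an ftpd banners file for tcpd.
# Function names are hypothetical; the sample text is constructed.

# Prefix every stdin line with the FTP reply code "220-" unless the
# line already carries it.
ftp_banner_prefix() {
    sed -e '/^220-/!s/^/220-/'
}

# Print "LINE: text" for each stdin line that lacks the 220- prefix.
# Returns 0 when every line conforms, 1 otherwise.
ftp_banner_check() {
    awk '!/^220-/ { printf "%d: %s\n", NR, $0; bad = 1 }
         END { exit bad + 0 }'
}

# Write prefixed stdin to DIR/ftpd, where DIR is the directory named
# by the banners option (the file is named after the daemon).
# Returns 2 if DIR does not exist.
write_ftp_banner() {
    dir=$1
    [ -d "$dir" ] || return 2
    ftp_banner_prefix > "$dir/ftpd" && chmod 644 "$dir/ftpd"
}

# Constructed sample: the welcome text from the section above.
sample='This is a Welcome text to demonstrate the banners
option in tcpd(1M).'

# The raw text fails the check; the prefixed text passes it.
printf '%s\n' "$sample" | ftp_banner_check || echo "raw text: not ready"
printf '%s\n' "$sample" | ftp_banner_prefix | ftp_banner_check \
    && echo "prefixed text: ready"
```

Running ftp_banner_check on an existing banners file before enabling
the rule shows which lines an FTP client would receive without a
reply code.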