HP-UX Internet Services Administrator's Guide (August 2003)
TCP Wrappers
TCP Wrappers Files
Chapter 348
NOTE If you specify this entry without the absolute path of telnetd
(/usr/lbin/telnetd), tcpd searches for the telnetd binary in the
/usr/lbin/wrapper directory.
The last component of the path name /usr/lbin/telnetd, that is, telnetd,
is used for access control and logging. When the telnet service is
requested, inetd invokes the tcpd server instead of invoking the
telnet server. tcpd performs access control checks and verifies
whether the connection is valid. Then, it invokes the telnetd server.
Similarly, you can change the entries for other services to include the
tcpd server.
After making the relevant changes, you must reconfigure inetd
using the following command on the command line:
# inetd -c
2. Move the service daemon to the /usr/lbin/wrapper directory, and
move tcpd to the location of the service daemon. You need not make
any changes to the /etc/inetd.conf file. For example, you can
enable the ftpd service with tcpd by executing the following
commands at the command prompt:
# mkdir /usr/lbin/wrapper
# mv /usr/lbin/ftpd /usr/lbin/wrapper
# cp tcpd /usr/lbin/ftpd
When an ftp service is requested, inetd spawns the
/usr/lbin/ftpd daemon, which is actually the tcpd daemon. Then,
tcpd performs access control checks before invoking the ftpd
daemon in the /usr/lbin/wrapper directory.
For more information on tcpd configuration, type man 1M tcpd or
man 4 tcpd.conf at the HP-UX prompt.
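A post-change check for the layout described in step 2, added here as an example and not part of the HP guide: it confirms that the path inetd spawns is a copy of tcpd and that the real daemon still sits in the wrapper directory. The function name check_wrapped, the reference tcpd path passed as an argument, and the directory permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the "move the daemon" tcpd layout for one service.
# Usage: check_wrapped DAEMON_PATH TCPD_PATH [WRAPPER_DIR]
# Returns 0 when wrapped correctly; prints each problem and returns 1 otherwise.
check_wrapped() {
    daemon=$1                       # path inetd spawns, e.g. /usr/lbin/ftpd
    tcpd=$2                         # reference copy of tcpd (location assumed)
    wrapdir=${3:-/usr/lbin/wrapper} # directory holding the real daemons
    real=$wrapdir/$(basename "$daemon")
    rc=0

    # The path inetd spawns must be a byte-for-byte copy of tcpd.
    if [ ! -f "$daemon" ] || [ ! -f "$tcpd" ]; then
        echo "FAIL: $daemon or $tcpd is missing"; rc=1
    elif ! cmp -s "$daemon" "$tcpd"; then
        echo "FAIL: $daemon is not tcpd; connections bypass access control"; rc=1
    fi

    # tcpd invokes the real daemon from the wrapper directory.
    if [ ! -x "$real" ]; then
        echo "FAIL: $real missing or not executable"; rc=1
    elif [ -f "$tcpd" ] && cmp -s "$real" "$tcpd"; then
        echo "FAIL: $real is itself tcpd; the real daemon was lost"; rc=1
    fi

    # Only the owner should be able to replace binaries in the wrapper dir.
    if [ -d "$wrapdir" ]; then
        perms=$(ls -ld "$wrapdir" | cut -c1-10)
        case $perms in
            d????w????|d???????w?)
                echo "FAIL: $wrapdir is group/world writable ($perms)"; rc=1 ;;
        esac
    else
        echo "FAIL: $wrapdir does not exist"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $daemon is wrapped by tcpd"
    return "$rc"
}
```

Anything that later rewrites /usr/lbin/ftpd, such as reinstalling the daemon, removes the wrapper without any change to /etc/inetd.conf, so rerun the check after software updates.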
The libwrap.a Library
The libwrap.a library provides a set of APIs for independent
applications to enforce host access control based on the
/etc/hosts.allow and /etc/hosts.deny files. The APIs implement a
rule-based access control language with optional shell commands that
are executed when a rule is invoked.