tcpd.conf(4) tcpd.conf(4)
NAME
tcpd.conf - configuration file for tcpd
DESCRIPTION
When inetd invokes tcpd for a service, it will read /etc/tcpd.conf and perform access control checks (see tcpd(1M)).
Each line in the file is treated either as a comment or as configuration information. Commented lines begin with #. Uncommented lines contain two required fields, key and value. The fields are separated by tabs and/or spaces. A line can be continued if it terminates with a backslash (\).
The following are the configuration parameters:
rfc931_timeout n
The RFC931 username lookup can be enabled or disabled through this parameter. The value of n specifies the time-out value (in seconds) to be used while getting the username information from the client.
A value of zero for n disables the rfc931 feature.
By default, n is 0, which disables the rfc931 feature.
The maximum value to which n can be set is 30 seconds.
on_reverselookup_fail {allow | deny}
This parameter determines whether tcpd should allow or deny the connection request on reverse lookup failure.
In both cases, tcpd will log the event of reverse lookup failure, but in the deny case, it will reject the connection request just after reverse lookup failure. In the allow case, the hostname can be matched with the PARANOID wildcard (see hosts_options(5)) in access control files (/etc/hosts.allow and /etc/hosts.deny).
The default value for this is deny.
log_level {normal | extended}
This parameter determines the level at which tcpd should log the information using syslog. A value of extended will cause the TCP Wrappers daemon (see tcpd(1M)) to log ACL information, such as which entry the client request matched and that entry’s related options.
The default value for this entry is normal, in which case tcpd will only log the connection details about refusal or acceptance of the connection in the form of ‘connection from abc@xyz_host’.
Processing Invalid and Multiple Entries
tcpd processes invalid and multiple entries in the following ways:
• An invalid entry for a configuration parameter is ignored. Instead, the default value for the configuration parameter will be used. For example, the following invalid entry for log_level will be replaced by the use of normal.
    log_level abcd
  will be treated as:
    log_level normal
• If multiple entries for a configuration parameter are specified, only the last occurring entry is processed and the rest are ignored. For example, in the following two entries for rfc931_timeout, the last value of 25 is used for that parameter.
    rfc931_timeout 10
    rfc931_timeout 25
EXAMPLES
To set a 25-second time-out value for RFC931 user name lookup:
rfc931_timeout 25
To disable the RFC931 user name lookup:
rfc931_timeout 0
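The file rules described above (comment lines, backslash continuation, invalid entries replaced by defaults, last entry wins) can be applied to a candidate file to see which settings tcpd would end up with. The following Python is an added example, not HP's tcpd code. Assumptions: the names effective_config, PARAMS and SAMPLE, the constructed sample input, treating a timeout above 30 as invalid, joining continued lines with a space, and ignoring unknown keys or lines without exactly two fields.

```python
# Added example: resolve the effective tcpd.conf settings per the rules on this page.
def _timeout(v):
    # 0 disables the lookup; 30 is the documented maximum (assumption: >30 is invalid).
    return int(v) if v.isascii() and v.isdigit() and int(v) <= 30 else None

def _choice(*allowed):
    return lambda v: v if v in allowed else None

PARAMS = {  # key -> (default, validator), values taken from the manpage text
    "rfc931_timeout": (0, _timeout),
    "on_reverselookup_fail": ("deny", _choice("allow", "deny")),
    "log_level": ("normal", _choice("normal", "extended")),
}

def effective_config(text):
    """Return (settings, notes): resolved values and what was ignored or replaced."""
    logical, pending = [], ""
    for raw in text.splitlines():
        if raw.endswith("\\"):          # continuation (assumption: joined with a space)
            pending += raw[:-1] + " "
        else:
            logical.append(pending + raw)
            pending = ""
    logical.append(pending)             # dangling continuation at end of file

    settings = {key: default for key, (default, _) in PARAMS.items()}
    notes, seen = [], set()
    for line in logical:
        fields = line.split()           # fields are separated by tabs and/or spaces
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 2 or fields[0] not in PARAMS:
            notes.append(f"ignored, not a known key/value pair: {line.strip()}")
            continue
        key, raw_value = fields
        default, validate = PARAMS[key]
        if key in seen:
            notes.append(f"{key}: earlier entry overridden by a later one")
        seen.add(key)
        value = validate(raw_value)
        if value is None:               # invalid entry: the default is used instead
            notes.append(f"{key}: invalid value {raw_value!r}, default {default!r} used")
            value = default
        settings[key] = value
    return settings, notes

# Constructed sample input, not a shipped HP-UX file.
SAMPLE = "rfc931_timeout 10\nlog_level extnded\non_reverselookup_fail \\\n\tallow\nrfc931_timeout 25\n"

if __name__ == "__main__":
    print(effective_config(SAMPLE))
```

In the sample, the misspelled log_level value leaves logging at normal, which is the kind of silent fallback the notes list is meant to surface during review.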
HP-UX 11i Version 3: September 2010, Hewlett-Packard Company