Security Warrior by Anton Chuvakin, Cyrus Peikari

Network Access in Unix

This section briefly reviews Unix network security. We cover TCP wrappers, NFS/NIS, backups, and X Windows, building the foundation for the section that follows ("Unix Hardening").

TCP Wrappers

While not standard for all flavors of Unix, TCP wrappers, written by Wietse Venema and Dan Farmer, are shipped with many distributions. TCP wrappers provide a versatile network access control facility. This security mechanism consists of an executable file (usually /usr/bin/tcpd) and a shared library. tcpd is started by the Internet superserver inetd (the standard for most Unix variants). If TCP wrappers are used, /etc/inetd.conf looks like this:

pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd       qpopper
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd -l -e -o
inetd.conf example

In this case, access to POP3 and telnet is controlled by TCP wrappers (tcpd is present), while access to the ident daemon is not (unless it can be compiled with the TCP wrapper library). The library allows programs to be built with TCP wrapper support; sendmail, for example, is often built this way. In either case, the program or tcpd checks the configuration files /etc/hosts.allow and /etc/hosts.deny for permissions before starting. TCP wrappers also increase the amount of useful logging information by recording the failed and successful attempts to log in to the system, even via services that normally do not create logfile records ...
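
The wrapped/unwrapped distinction described above can be checked mechanically. The following is an added example, not code from the book: it classifies each inetd.conf entry by whether inetd starts it through tcpd. The function names and the sample text (the three entries above plus constructed comment, built-in, and truncated lines) are assumptions made for illustration.

```python
import os

# Constructed sample: the three entries shown above plus a comment,
# an inetd built-in service, and a truncated line.
SAMPLE = """\
# service socket proto wait user server args
pop-3   stream tcp nowait root   /usr/sbin/tcpd      qpopper
telnet  stream tcp nowait root   /usr/sbin/tcpd      in.telnetd
auth    stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -e -o
daytime stream tcp nowait root   internal
ftp     stream tcp nowait
"""

def audit_inetd(text):
    """Classify each active inetd.conf entry by how its server is started."""
    report = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out service
        fields = line.split()
        entry = {"line": lineno, "service": fields[0]}
        if len(fields) < 6:
            entry["status"] = "malformed"  # fewer than the six required fields
        elif fields[5] == "internal":
            entry["status"] = "internal"   # handled inside inetd itself
        elif os.path.basename(fields[5]) == "tcpd":
            # tcpd is the server program; the real daemon is its first argument
            entry["status"] = "tcpd"
            entry["user"] = fields[4]
            entry["daemon"] = fields[6] if len(fields) > 6 else None
        else:
            # Started directly: no tcpd check unless the binary itself
            # was built with the TCP wrapper library.
            entry["status"] = "direct"
            entry["user"] = fields[4]
            entry["daemon"] = os.path.basename(fields[5])
        report.append(entry)
    return report

def unwrapped(text):
    """Services that bypass tcpd and need a separate review."""
    return [e["service"] for e in audit_inetd(text) if e["status"] == "direct"]

if __name__ == "__main__":
    for e in audit_inetd(SAMPLE):
        print(e["line"], e["service"], e["status"], e.get("daemon", "-"))
```

A "direct" result only means inetd does not invoke tcpd for that service; whether the daemon consults /etc/hosts.allow and /etc/hosts.deny then depends on how the binary was built.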
