home *** CD-ROM | disk | FTP | other *** search
- From: wietse@wzv.win.tue.nl (Wietse Venema)
- Newsgroups: comp.sources.misc
- Subject: v16i062: package to monitor tcp/ip connections, Part01/01
- Message-ID: <1991Jan9.040140.25217@sparky.IMD.Sterling.COM>
- Date: 9 Jan 91 04:01:40 GMT
- Approved: kent@sparky.imd.sterling.com
- X-Checksum-Snefru: c22717fd c273b430 219da244 922d5a46
-
- Submitted-by: wietse@wzv.win.tue.nl (Wietse Venema)
- Posting-number: Volume 16, Issue 62
- Archive-name: log_tcp/part01
-
- This package provides a couple of tiny programs that log all requests
- to connection-oriented tcp/ip services (examples: FINGER, SYSTAT, FTP,
- TELNET, RLOGIN, RSH, EXEC), with optional access control on the basis
- of host (or domain) names and service names.
-
- The programs are nothing but small front ends. By default, they just
- log the remote host name and then invoke the real daemon. The programs
- should not require any changes to existing software or configuration
- files.
-
- Connections are reported through the syslog(3) facility. Each record
- contains a time stamp, the remote host name and the name of the service
- requested. Such information can be useful to detect break-in attempts
- or other undesirable activities, especially when logfile information
- from several hosts is merged.
-
- The optional access-control facility may be useful when, for whatever
- reason, it is not possible to handle access control at a more suitable
- level (such as an internet router).
-
- Wietse Venema,
- Eindhoven University of Technology,
- The Netherlands.
-
- #! /bin/sh
- # This is a shell archive. Remove anything before this line, then unpack
- # it by saving it into a file and typing "sh file". To overwrite existing
- # files, type "sh file -c". You can also feed this as standard input via
- # unshar, or by typing "sh <file", e.g.. If this archive is complete, you
- # will see the following message at the end:
- # "End of shell archive."
- # Contents: README miscd.c tcpd.c fromhost.c hosts_access.c Makefile
- # hosts_access.5 strcasecmp.c BLURB
- # Wrapped by wietse@wzv on Sun Jan 6 22:31:41 1991
- PATH=/bin:/usr/bin:/usr/ucb ; export PATH
- if test -f README -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"README\"
- else
- echo shar: Extracting \"README\" \(4779 characters\)
- sed "s/^X//" >README <<'END_OF_README'
- X@(#) README 1.1 91/01/06 22:30:23
- X
- XGeneral description:
- X
- XWith this package you can monitor connections to the SYSTAT, FINGER,
- XFTP, TELNET, RLOGIN, RSH and EXEC network services. Connections are
- Xlogged through the syslog(3) facility. A requirement is that daemons
- Xare started by the inetd program or something similar.
- X
- XThe programs are tiny front ends that just report the remote host name
- Xand then invoke the real network daemon. In the most common case, no
- Xchanges should be required to existing software or to configuration
- Xfiles. Just move the vendor-provided daemons to another place and
- Xinstall the front ends into their original places. Installation details
- Xare given below.
- X
- XEarlier versions of the programs were tested with Ultrix >= 2.2, with
- XSunOS >= 3.4 and ISC 2.2. The present version is a bit cleaned up, but
- Xshould still run without modification on top of most BSD-style TCP/IP
- Ximplementations.
- X
- XOptional feature:
- X
- XWhen compiled with -DHOSTS_ACCESS, the front-end programs support a
- Xsimple form of access control that is based on host (or domain) names
- Xand service names. Wild cards are supported. If a host requests a
- Xservice, and if the (service, host) pair is matched by an entry in the
- X/etc/hosts.allow file, access is granted. Otherwise, if the (service,
- Xhost) pair is matched by an entry in the /etc/hosts.deny file, access
- Xis denied. Otherwise, access is granted. For more details, see the
- Xhosts_access(5) manual page. This form of access control may be useful
- Xif it can not be implemented at a more suitable level (such as an
- Xinternet router).
- X
- XRelated software:
- X
- XVersions of rshd and rlogind, hacked to report the remote user name as
- Xwell, are available for anon ftp (ftp.win.tue.nl:/pub/logdaemon.tar.Z).
- XThose programs have been tested only with SunOS >= 4.0.
- X
- XAnother way to manage access to tcp/ip services is illustrated by the
- Xservers provided with the authutil package (comp.sources.unix volume
- X22). This has the advantage that one will get the remote username from
- Xany host supporting RFC 931 security. By installing the auth package
- X(same volume) one supports RFC 931 security too. Eventually one can
- Xstart cutting off unauthenticated connections. This is obviously a much
- Xmore advanced approach than what my front-end programs provide. The
- Xpresent package is more suitable for those who lack the resources to
- Xinstall anything that requires more than just renaming a couple of
- Xexecutables.
- X
- XConfiguration and installation:
- X
- XIf you don't run Ultrix, you don't need the miscd front-end program.
- XThe Ultrix miscd daemon implements among others the SYSTAT service,
- Xwhich pipes the output from the WHO command to standard output.
- X
- XBy default, the front-end programs assume that the vendor-provided
- Xdaemons will be moved to the "/usr/etc/..." directory. If you want
- Xsomething else, adjust the REAL_DAEMON and the REAL_DAEMON_DIR macros
- Xin the files miscd.c and tcpd.c.
- X
- XBy default, connections are logged to the same place where the sendmail
- Xlog entries go. If connections should be logged elsewhere, adjust the
- XLOG_MAIL macro in the miscd.c and tcpd.c files, and update your inetd
- Xconfiguration file (usually, /etc/syslog.conf). Most Ultrix versions
- Xdo not provide this flexibility, though.
- X
- XBy default, the front-end programs support host access control. Access
- Xcontrol is turned off when the /etc/hosts.{allow,deny} files do not
- Xexist. If you do not need support for host access control, adjust the
- Xmakefile so that the programs are compiled without -DHOSTS_ACCESS. Note:
- Xhost access control support requires the strchr() and strtok() routines.
- X
- XIf your C library does not provide the strcasecmp() routine, adjust the
- XAUX_OBJ macro in the makefile so that it uses the strcasecmp() version
- Xprovided with this package.
- X
- XThe tcpd program is intended for monitoring connections to the telnet,
- Xfinger, ftp, exec, rsh and rlogin services. Decide which services you
- Xwant to be monitored, move the vendor-provided daemon programs to the
- Xlocation specified by the REAL_DAEMON_DIR macro in the file tcpd.c, and
- Xcopy the tcpd front end to the locations where the vendor-provided
- Xdaemons used to be. That is, one copy of the tcpd front end for each
- Xservice that you want to monitor.
- X
- XUltrix only: if you want to monitor connections to the SYSTAT service,
- Xmove the vendor-provided miscd daemon to the location specified by the
- XREAL_DAEMON macro in the miscd.c file, and install the miscd front end
- Xinto the original miscd location.
- X
- XAcknowledgements:
- X
- XThanks to Brendan Kehoe (brendan@cs.widener.edu), Heimir Sverrisson
- X(heimir@hafro.is) and Dan Bernstein (brnstnd@kramden.acf.nyu.edu) for
- Xfeedback on an earlier release of this product.
- X
- X Wietse Venema,
- X Mathematics and Computing Science,
- X Eindhoven University of Technology,
- X The Netherlands.
- END_OF_README
- if test 4779 -ne `wc -c <README`; then
- echo shar: \"README\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- if test -f miscd.c -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"miscd.c\"
- else
- echo shar: Extracting \"miscd.c\" \(1709 characters\)
- sed "s/^X//" >miscd.c <<'END_OF_miscd.c'
- X /*
- X * Front end to the ULTRIX miscd service. The front end logs the remote host
- X * name and then invokes the real miscd daemon. Install as "/usr/etc/miscd",
- X * after moving the real miscd daemon to the "/usr/etc/..." directory.
- X * Connections and diagnostics are logged through syslog(3).
- X *
- X * The Ultrix miscd program implements the systat service, which pipes the
- X * output from who(1) to stdout. This information is potentially useful to
- X * systems crackers.
- X *
- X * Compile with -DHOSTS_ACCESS in order to enable access control. See the
- X * hosts_access(5) manual page for details.
- X *
- X * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- X */
- X
- X#ifndef lint
- Xstatic char sccsid[] = "@(#) miscd.c 1.1 91/01/06 22:30:32";
- X#endif
- X
- X#include <stdio.h>
- X#include <syslog.h>
- X
- X/* The following specifies where the vendor-provided daemon should go. */
- X
- X#define REAL_DAEMON "/usr/etc/.../miscd"
- X
- Xmain(argc, argv)
- Xint argc;
- Xchar **argv;
- X{
- X char *fromhost();
- X char *host_name;
- X
- X /*
- X * Open a channel to the syslog daemon. Older versions of openlog()
- X * require only two arguments.
- X */
- X
- X#ifdef LOG_MAIL
- X (void) openlog(argv[0], LOG_PID, LOG_MAIL);
- X#else
- X (void) openlog(argv[0], LOG_PID);
- X#endif
- X
- X /* Find out and report the remote host name. */
- X
- X if ((host_name = fromhost()) == 0)
- X host_name = "unknown";
- X syslog(LOG_INFO, "connect from %s", host_name);
- X
- X /* Check whether this host can access the service in argv[0]. */
- X
- X#ifdef HOSTS_ACCESS
- X hosts_access(argv[0], host_name);
- X#endif
- X
- X /* Invoke the real daemon program. */
- X
- X (void) execv(REAL_DAEMON, argv);
- X syslog(LOG_ERR, "%s: %m", REAL_DAEMON);
- X return (1);
- X}
- END_OF_miscd.c
- if test 1709 -ne `wc -c <miscd.c`; then
- echo shar: \"miscd.c\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- if test -f tcpd.c -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"tcpd.c\"
- else
- echo shar: Extracting \"tcpd.c\" \(1873 characters\)
- sed "s/^X//" >tcpd.c <<'END_OF_tcpd.c'
- X /*
- X * General front end for connection-oriented tcp/ip services. This program
- X * logs the remote host name and then invokes the real daemon. For example,
- X * install as /usr/etc/{fingerd,telnetd,ftpd,rlogind,rshd,rexecd}, after
- X * saving the real daemons in the directory "/usr/etc/...". This arrangement
- X * requires that the network daemons are started by inetd or something
- X * similar. Connections and diagnostics are logged through syslog(3).
- X *
- X * Compile with -DHOSTS_ACCESS in order to enable access control. See the
- X * hosts_access(5) manual page for details.
- X *
- X * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- X */
- X
- X#ifndef lint
- Xstatic char sccsid[] = "@(#) tcpd.c 1.1 91/01/06 22:30:36";
- X#endif
- X
- X#include <stdio.h>
- X#include <syslog.h>
- X#include <sys/types.h>
- X#include <sys/param.h>
- X#ifndef MAXPATHNAMELEN
- X#define MAXPATHNAMELEN BUFSIZ
- X#endif
- X
- X/* The following specifies where the vendor-provided daemons should go. */
- X
- X#define REAL_DAEMON_DIR "/usr/etc/..."
- X
- Xmain(argc, argv)
- Xint argc;
- Xchar **argv;
- X{
- X char *fromhost();
- X char *host_name;
- X char path[MAXPATHNAMELEN];
- X
- X /*
- X * Open a channel to the syslog daemon. Older versions of openlog()
- X * require only two arguments.
- X */
- X
- X#ifdef LOG_MAIL
- X (void) openlog(argv[0], LOG_PID, LOG_MAIL);
- X#else
- X (void) openlog(argv[0], LOG_PID);
- X#endif
- X
- X /* Find out and report the remote host name. */
- X
- X if ((host_name = fromhost()) == 0)
- X host_name = "unknown";
- X syslog(LOG_INFO, "connect from %s", host_name);
- X
- X /* Check whether this host can access the service in argv[0]. */
- X
- X#ifdef HOSTS_ACCESS
- X hosts_access(argv[0], host_name);
- X#endif
- X
- X /* Invoke the real daemon program. */
- X
- X (void) sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
- X (void) execv(path, argv);
- X syslog(LOG_ERR, "%s: %m", path);
- X return (1);
- X}
- END_OF_tcpd.c
- if test 1873 -ne `wc -c <tcpd.c`; then
- echo shar: \"tcpd.c\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- if test -f fromhost.c -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"fromhost.c\"
- else
- echo shar: Extracting \"fromhost.c\" \(1325 characters\)
- sed "s/^X//" >fromhost.c <<'END_OF_fromhost.c'
- X /*
- X * fromhost() returns the name or address of the host at the other end of
- X * standard input, "stdin" if it is connected to a terminal, or a null
- X * pointer if it fails. Diagnostics are logged through syslog(3).
- X *
- X * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- X */
- X
- X#ifndef lint
- Xstatic char sccsid[] = "@(#) fromhost.c 1.1 91/01/06 22:30:24";
- X#endif
- X
- X#include <stdio.h>
- X#include <sys/types.h>
- X#include <sys/param.h>
- X#include <sys/socket.h>
- X#include <syslog.h>
- X#include <netinet/in.h>
- X#include <netdb.h>
- X
- X/* fromhost - find out what is at the other end of standard input */
- X
- Xchar *fromhost()
- X{
- X struct sockaddr sa;
- X struct sockaddr_in *sin = (struct sockaddr_in *) (&sa);
- X struct hostent *hp;
- X int sockt = fileno(stdin);
- X int length = sizeof(sa);
- X char *inet_ntoa();
- X
- X if (getpeername(sockt, &sa, &length) < 0) {
- X if (isatty(sockt)) {
- X return ("stdin");
- X } else {
- X syslog(LOG_ERR, "getpeername: %m");
- X return (0);
- X }
- X } else {
- X switch (sa.sa_family) {
- X case AF_INET:
- X hp = gethostbyaddr((char *) &sin->sin_addr.s_addr,
- X sizeof(sin->sin_addr.s_addr), AF_INET);
- X return (hp ? hp->h_name : inet_ntoa(sin->sin_addr));
- X default:
- X syslog(LOG_ERR, "unknown address family %ld", sa.sa_family);
- X return (0);
- X }
- X }
- X}
- END_OF_fromhost.c
- if test 1325 -ne `wc -c <fromhost.c`; then
- echo shar: \"fromhost.c\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- if test -f hosts_access.c -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"hosts_access.c\"
- else
- echo shar: Extracting \"hosts_access.c\" \(4055 characters\)
- sed "s/^X//" >hosts_access.c <<'END_OF_hosts_access.c'
- X#ifdef HOSTS_ACCESS
- X
- X /*
- X * This module implements a simple but effective form of access control
- X * based on host (or domain) names and service names, with wild card
- X * support. Diagnostics are logged through syslog(3).
- X *
- X * Compile with -DHOSTS_ACCESS in order to enable access control. See the
- X * hosts_access(5) manual page for details.
- X *
- X * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- X */
- X
- X#ifndef lint
- Xstatic char sccsid[] = "@(#) hosts_access.c 1.1 91/01/06 22:30:28";
- X#endif
- X
- X#include <stdio.h>
- X#include <syslog.h>
- X
- Xextern char *fgets();
- Xextern char *strchr();
- Xextern char *strtok();
- Xextern void exit();
- X
- X /* Path names of the access control files. */
- X
- X#define HOSTS_ALLOW "/etc/hosts.allow"
- X#define HOSTS_DENY "/etc/hosts.deny"
- X
- X /* Delimiters for lists of services or hosts or domains. */
- X
- Xstatic char sep[] = ", \t";
- X
- X /* Constants to be used in assignments only, not in comparisons... */
- X
- X#define YES 1
- X#define NO 0
- X
- X/* hosts_access - host access control facility */
- X
- Xhosts_access(service, host)
- Xchar *service;
- Xchar *host;
- X{
- X
- X /*
- X * If the (service,host) pair is found in the /etc/hosts.allow file,
- X * access is granted. Otherwise, if the (service,host) pair is found in
- X * the /etc/hosts.deny file, access is denied. Otherwise, access is
- X * granted.
- X *
- X * If a connection is refused, we write a syslog record, but do not notify
- X * the client.
- X */
- X
- X if (table_match(HOSTS_ALLOW, service, host))
- X return;
- X if (table_match(HOSTS_DENY, service, host)) {
- X syslog(LOG_WARNING, "refused connect from %s", host);
- X exit(0);
- X }
- X}
- X
- X/* table_match - match table entries with (service, host) pair */
- X
- Xtable_match(table, service, host)
- Xchar *table;
- Xchar *service;
- Xchar *host;
- X{
- X FILE *fp;
- X char sv_list[BUFSIZ]; /* becomes list of services */
- X char *cl_list; /* becomes list of clients */
- X int match = NO;
- X int end;
- X
- X /*
- X * Process the table one line at a time. Lines that begin with a '#'
- X * character are ignored. Non-comment lines are broken at the ':'
- X * character (we complain if there is none). The left part is matched
- X * against the service name (argv[0]), the right part against the host
- X * name. A non-existing table is treated as if it were an empty table.
- X */
- X
- X if (fp = fopen(table, "r")) {
- X while (!match && fgets(sv_list, sizeof(sv_list), fp)) {
- X if (sv_list[end = strlen(sv_list) - 1] != '\n') {
- X syslog(LOG_ERR, "%s: line exceeds STDIO buffer size", table);
- X } else {
- X sv_list[end] = '\0'; /* strip trailing newline */
- X }
- X if (sv_list[0] == '#') { /* skip comments */
- X continue;
- X } else if ((cl_list = strchr(sv_list, ':')) == 0) {
- X syslog(LOG_ERR, "%s: malformed entry: \"%s\"", table, sv_list);
- X continue;
- X } else {
- X *cl_list++ = '\0'; /* break line at ":" */
- X match = (list_match(sv_list, service)
- X && list_match(cl_list, host));
- X }
- X }
- X (void) fclose(fp);
- X }
- X return (match);
- X}
- X
- X/* list_match - match a string against a list of tokens */
- X
- Xlist_match(list, string)
- Xchar *list;
- Xchar *string;
- X{
- X char *token;
- X int tok_len;
- X int str_len;
- X
- X /*
- X * Process tokens one at a time. If a token has the magic value "ALL" the
- X * match always succeeds. If the token is a domain name, return YES if it
- X * matches the last fields of the string. Otherwise, return YES if the
- X * token fully matches the string. Note: we assume that a service name
- X * never begins with a "." character.
- X */
- X
- X for (token = strtok(list, sep); token; token = strtok((char *) 0, sep)) {
- X if (strcasecmp(token, "ALL") == 0) { /* magic: always matches */
- X return (YES);
- X } else if (token[0] == '.') { /* domain: match last fields */
- X if ((str_len = strlen(string)) >= (tok_len = strlen(token))
- X && strcasecmp(token, string + str_len - tok_len) == 0)
- X return (YES);
- X } else { /* other: match full string */
- X if (strcasecmp(token, string) == 0)
- X return (YES);
- X }
- X }
- X return (NO);
- X}
- X
- X#endif
- END_OF_hosts_access.c
- if test 4055 -ne `wc -c <hosts_access.c`; then
- echo shar: \"hosts_access.c\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- if test -f Makefile -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"Makefile\"
- else
- echo shar: Extracting \"Makefile\" \(1077 characters\)
- sed "s/^X//" >Makefile <<'END_OF_Makefile'
- X# @(#) Makefile 1.1 91/01/06 22:30:21
- X
- X## Begin configuration options
- X
- X# If you want to enable host access control, define the HOST_ACCESS macro
- X# in the CFLAGS line. For example,
- X#
- X# CFLAGS = -O -DHOSTS_ACCESS
- X#
- X# Note: host access control requires the strtok() and strchr() routines.
- X
- XCFLAGS = -O -DHOSTS_ACCESS
- X
- X# Include the file strcasecmp.o if it is not provided by your C library.
- X
- XAUX_OBJ = # strcasecmp.o
- X
- X# Some System-V versions require that you explicitly specify the networking
- X# libraries.
- X
- XLIBS =
- X
- X## End configuration options
- X
- XTCPD_OBJ= tcpd.o fromhost.o hosts_access.o
- XMISC_OBJ= miscd.o fromhost.o hosts_access.o
- X
- Xall: tcpd miscd
- X
- Xtcpd: $(TCPD_OBJ) $(AUX_OBJ)
- X $(CC) $(CFLAGS) -o $@ $(TCPD_OBJ) $(AUX_OBJ) $(LIBS)
- X
- Xmiscd: $(MISC_OBJ) $(AUX_OBJ)
- X $(CC) $(CFLAGS) -o $@ $(MISC_OBJ) $(AUX_OBJ) $(LIBS)
- X
- Xshar:
- X @shar README miscd.c tcpd.c fromhost.c hosts_access.c Makefile \
- X hosts_access.5 strcasecmp.c BLURB
- X
- Xclean:
- X rm -f tcpd miscd *.o core
- X
- Xlint:
- X lint -DHOSTS_ACCESS tcpd.c fromhost.c hosts_access.c
- X lint -DHOSTS_ACCESS miscd.c fromhost.c hosts_access.c
- END_OF_Makefile
- if test 1077 -ne `wc -c <Makefile`; then
- echo shar: \"Makefile\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- if test -f hosts_access.5 -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"hosts_access.5\"
- else
- echo shar: Extracting \"hosts_access.5\" \(3088 characters\)
- sed "s/^X//" >hosts_access.5 <<'END_OF_hosts_access.5'
- X.TH HOSTS_ACCESS 5
- X.ad
- X.fi
- X.SH NAME
- Xhosts_access \- host access control files
- X.SH DESCRIPTION
- X.ad
- X.fi
- XThis manual page describes a simple, but effective, access control
- Xfacility that is based on host (or domain) names and service names,
- Xwith wild-card support.
- X.PP
- XIn the following text, \fIservice\fP is the name of a requested service
- X(the argv[0] value of a daemon process), and \fIhost\fP is the name of
- Xthe host requesting that service.
- X.IP o
- XAccess will be granted if the (service,host) pair is matched by an
- Xentry in the \fI/etc/hosts.allow\fP file.
- X.IP o
- XIf the previous test fails (perhaps because the \fIhosts.allow\fP file
- Xdoes not exist), access will be denied if the (service,host) pair is
- Xmatched by an entry in the \fI/etc/hosts.deny\fP file.
- X.IP o
- XIf the previous test fails (perhaps because the \fIhosts.deny\fP file
- Xdoes not exist), access will be granted.
- X.PP
- XA non-existing access control file is treated as if it were an empty
- Xfile. Thus, access control can be turned off by providing no access
- Xcontrol files.
- X.PP
- XThe format of the access control files is as follows.
- X.IP o
- XLines that begin with a `#' character are ignored.
- X.IP o
- XOther lines should have the format:
- X.sp
- X.ti +5
- Xservices : hosts_or_domains
- X.LP
- X\fIservices\fP is a list of one or more service names (argv[0] values),
- Xand \fIhosts_or_domains\fP is a list of one or more host or domain
- Xnames. List elements are separated by blanks or commas. The software
- Xdoes not distinguish between lower and upper case.
- X.PP
- XEntries that specify a domain name should begin with a `.' character
- X(see example below). A host name can be a fully-qualified host name,
- Xan undomained host name (no `.' characters) or an internet address.
- X.PP
- XSpecial meaning is given to the magic token \fIALL\fP. If it appears
- Xin the \fIservices\fP part of a line, this token matches all services.
- XIf the magic token appears in the \fIhosts_or_domains\fP part of a
- Xline, it matches all hosts or domains.
- X.SH EXAMPLES
- XThe following example restricts all services to \fIhosta,
- Xhostb\fP and hosts below the \fI.some.domain\fP:
- X.PP
- X/etc/hosts.allow:
- X.in +5
- XALL: hosta, hostb, .some.domain
- X.PP
- X/etc/hosts.deny:
- X.in +5
- XALL: ALL
- X.PP
- XIn order to deny some hosts all services, except ftp:
- X.PP
- X/etc/hosts.allow:
- X.in +5
- Xin.ftpd: ALL
- X.PP
- X/etc/hosts.deny
- X.in +5
- XALL: some.host.name, .some.domain
- X.SH DIAGNOSTICS
- X.ad
- X.fi
- XA syslog record is produced when a connection is refused; when a syntax
- Xerror is found in a host access control file; when the length of a line
- Xin a host access control file exceeds the stdio(3) buffer size.
- X.SH FILES
- X.na
- X.nf
- X/etc/hosts.allow, (service,host) pairs that are granted access.
- X/etc/hosts.deny, (service,host) pairs that are denied access.
- X.SH BUGS
- X.ad
- X.fi
- XAuthorized hosts may be denied access if the mapping of host address
- Xto host name fails (for example, due to a problem in the name server).
- X.SH AUTHOR
- X.na
- X.nf
- XWietse Venema
- XEindhoven University of Technology
- XDepartment of Mathematics and Computer Science
- XDen Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands
- X\" @(#) hosts_access.5 1.1 91/01/06 22:30:26
- END_OF_hosts_access.5
- if test 3088 -ne `wc -c <hosts_access.5`; then
- echo shar: \"hosts_access.5\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- if test -f strcasecmp.c -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"strcasecmp.c\"
- else
- echo shar: Extracting \"strcasecmp.c\" \(3767 characters\)
- sed "s/^X//" >strcasecmp.c <<'END_OF_strcasecmp.c'
- X/*
- X * Copyright (c) 1987 Regents of the University of California.
- X * All rights reserved.
- X *
- X * Redistribution and use in source and binary forms are permitted
- X * provided that the above copyright notice and this paragraph are
- X * duplicated in all such forms and that any documentation,
- X * advertising materials, and other materials related to such
- X * distribution and use acknowledge that the software was developed
- X * by the University of California, Berkeley. The name of the
- X * University may not be used to endorse or promote products derived
- X * from this software without specific prior written permission.
- X * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- X * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- X * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- X */
- X
- X#if defined(LIBC_SCCS) && !defined(lint)
- Xstatic char sccsid[] = "@(#)strcasecmp.c 5.6 (Berkeley) 6/27/88";
- X#endif /* LIBC_SCCS and not lint */
- X
- X#include <sys/types.h>
- X
- X/*
- X * This array is designed for mapping upper and lower case letter
- X * together for a case independent comparison. The mappings are
- X * based upon ascii character sequences.
- X */
- Xstatic u_char charmap[] = {
- X '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
- X '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
- X '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
- X '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
- X '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
- X '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
- X '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
- X '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
- X '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- X '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- X '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- X '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
- X '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- X '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- X '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- X '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
- X '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
- X '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
- X '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
- X '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
- X '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
- X '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
- X '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
- X '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
- X '\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- X '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- X '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- X '\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337',
- X '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- X '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- X '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- X '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
- X};
- X
- Xstrcasecmp(s1, s2)
- X char *s1, *s2;
- X{
- X register u_char *cm = charmap,
- X *us1 = (u_char *)s1,
- X *us2 = (u_char *)s2;
- X
- X while (cm[*us1] == cm[*us2++])
- X if (*us1++ == '\0')
- X return(0);
- X return(cm[*us1] - cm[*--us2]);
- X}
- X
- Xstrncasecmp(s1, s2, n)
- X char *s1, *s2;
- X register int n;
- X{
- X register u_char *cm = charmap,
- X *us1 = (u_char *)s1,
- X *us2 = (u_char *)s2;
- X
- X while (--n >= 0 && cm[*us1] == cm[*us2++])
- X if (*us1++ == '\0')
- X return(0);
- X return(n < 0 ? 0 : cm[*us1] - cm[*--us2]);
- X}
- END_OF_strcasecmp.c
- if test 3767 -ne `wc -c <strcasecmp.c`; then
- echo shar: \"strcasecmp.c\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- if test -f BLURB -a "${1}" != "-c" ; then
- echo shar: Will not over-write existing file \"BLURB\"
- else
- echo shar: Extracting \"BLURB\" \(1068 characters\)
- sed "s/^X//" >BLURB <<'END_OF_BLURB'
- X@(#) BLURB 1.1 91/01/06 22:30:19
- X
- XThis package provides a couple of tiny programs that log all requests
- Xto connection-oriented tcp/ip services (examples: FINGER, SYSTAT, FTP,
- XTELNET, RLOGIN, RSH, EXEC), with optional access control on the basis
- Xof host (or domain) names and service names.
- X
- XThe programs are nothing but small front ends. By default, they just
- Xlog the remote host name and then invoke the real daemon. The programs
- Xshould not require any changes to existing software or configuration
- Xfiles.
- X
- XConnections are reported through the syslog(3) facility. Each record
- Xcontains a time stamp, the remote host name and the name of the service
- Xrequested. Such information can be useful to detect break-in attempts
- Xor other undesirable activities, especially when logfile information
- Xfrom several hosts is merged.
- X
- XThe optional access-control facility may be useful when, for whatever
- Xreason, it is not possible to handle access control at a more suitable
- Xlevel (such as an internet router).
- X
- X Wietse Venema,
- X Eindhoven University of Technology,
- X The Netherlands.
- END_OF_BLURB
- if test 1068 -ne `wc -c <BLURB`; then
- echo shar: \"BLURB\" unpacked with wrong size!
- fi
- # end of overwriting check
- fi
- echo shar: End of shell archive.
- exit 0
-
- exit 0 # Just in case...
- --
- Kent Landfield INTERNET: kent@sparky.IMD.Sterling.COM
- Sterling Software, IMD UUCP: uunet!sparky!kent
- Phone: (402) 291-8300 FAX: (402) 291-4362
- Please send comp.sources.misc-related mail to kent@uunet.uu.net.
-