TCP Wrappers is a great program that logs and filters incoming requests for various network services. If you don't already have the source code, you can get it from my link in the downloads menu.
Step 1: Unpack the source code to the desired directory on Solaris.
Step 2: Read the README file
Step 3: Customize the Makefile:
Open the Makefile and read the instructions for customizing it to your particular system.
Here are the customizations I made. Assuming you have Solaris 8 on an Intel machine, they will probably work for you as well.
– Find the following 2 lines:
#SysV.4 Solaris 2.x OSF AIX
#REAL_DAEMON_DIR=/usr/sbin
gcc you’ll have to let make know by adding the following: CC=gcc (get used to doing this)
-Scroll through the system dependencies and uncomment any lines relevant to your system.
-Also in the system dependencies section look for the paragraph regarding IPV6 and make sure the line
IPV6= -DHAVE_IPV6
is uncommented.
Step 4: Compile the program for Solaris
When you have finished editing the makefile, at the prompt type make sunos5
Step 5: Install
Step 6: Create the tcpwrapper access files /etc/hosts.allow and /etc/hosts.deny.
The examples below show a simple way to block access from the internet but allow it from the local network.
Sample Solaris hosts.allow file:
vi hosts.allow
in.lpd,sshd,in.ftpd,in.telnetd: .sol8.paradise.net,.bytes.paradise.net,10.0.0.2,10.0.0.1
Sample Solaris hosts.deny file:
vi hosts.deny
ALL: ALL
Step 7: Edit the inetd.conf configuration file
Backup /etc/inetd.conf: cp /etc/inetd.conf /etc/inetd.conf.old
Edit /etc/inetd.conf replacing the service daemon with /usr/sbin/tcpd
For Example:
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd becomes -->
ftp stream tcp6 nowait root /usr/sbin/tcpd in.ftpd
telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd becomes -->
telnet stream tcp6 nowait root /usr/sbin/tcpd in.telnetd
Some of the service daemons aren’t in /usr/sbin. In this case you need to specify an absolute path.
For Example:
walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld becomes -->
walld/1 tli rpc/datagram_v wait root /usr/sbin/tcpd /usr/lib/netsvc/rwall/rpc.rwalld
Step 8: Restart inetd on Solaris: pkill -HUP inetd
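The Step 7 edits can also be scripted. The following is an added example, not part of the original tutorial: a shell function (the name wrap_inetd is hypothetical) that applies both rewrite rules from Step 7 to inetd.conf entries read from standard input, assuming tcpd was built with REAL_DAEMON_DIR=/usr/sbin as in Step 3.

```shell
#!/bin/sh
# Added example: rewrite inetd.conf entries (read from stdin) so the named
# services start through tcpd, following the Step 7 rules on this page.
# TCPD and REAL_DAEMON_DIR match the values used in the tutorial; the
# function name wrap_inetd is hypothetical.
TCPD=/usr/sbin/tcpd
REAL_DAEMON_DIR=/usr/sbin

wrap_inetd() {
    # Usage: wrap_inetd service [service ...] < inetd.conf > inetd.conf.new
    awk -v tcpd="$TCPD" -v ddir="$REAL_DAEMON_DIR" -v services="$*" '
    BEGIN {
        n = split(services, s, " ")
        for (i = 1; i <= n; i++) want[s[i]] = 1
    }
    # Pass through comments, blank lines and short entries unchanged.
    /^[ \t]*#/ || NF < 7 { print; next }
    # Leave unselected, inetd-internal and already-wrapped entries alone.
    !($1 in want) || $6 == "internal" || $6 == tcpd { print; next }
    {
        path = $6
        base = path; sub(".*/", "", base)      # daemon file name
        dir = path;  sub("/[^/]*$", "", dir)   # directory it lives in
        # tcpd finds the real daemon from argv[0]: a bare name is looked up
        # in REAL_DAEMON_DIR, anything else needs its absolute path.
        $7 = (dir == ddir) ? base : path
        $6 = tcpd
        print
    }'
}
```

Write the output to a new file and diff it against the /etc/inetd.conf.old backup before replacing /etc/inetd.conf. On Solaris, /usr/bin/awk is the old awk, so change awk to nawk in the function.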
Karen Katz is currently a Certified Systems Administrator in the San
Francisco Bay Area. She also maintains a website with Unix and Solaris
tutorials at http://www.techgirl-net.com/.