1. Download TCP Wrapper from:

   ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz

2. Extract the source code:

   # gunzip -c tcp_wrappers_7.6.tar.gz | tar xvf -

3. Compile the source code:

   # cd tcp_wrappers_7.6
   # make REAL_DAEMON_DIR=/usr/local/bin osf

4. Install the TCP Wrapper:

   # cp -p tcpd try-from tcpdmatch tcpdchk safe_finger /usr/local/bin/
   # mkdir /usr/local/man/man8
   # cp -p tcpd.8 tcpdchk.8 tcpdmatch.8 /usr/local/man/man8/
   # mkdir /usr/local/man/man5
   # cp -p hosts_access.5 hosts_options.5 /usr/local/man/man5/
   # mkdir /usr/local/man/man3
   # cp -p hosts_access.3 /usr/local/man/man3
   # export MANPATH=/usr/local/man:$MANPATH
   # man tcpd            (for your on-line man reference)

5. Configure the TCP Wrapper and test:

   # cp -p /etc/inetd.conf /etc/inetd.conf.ORIG
   # vi /etc/inetd.conf
   # diff /etc/inetd.conf /etc/inetd.conf.ORIG
   58c58
   < ftp stream tcp nowait root /usr/local/bin/tcpd /usr/sbin/ftpd
   ---
   > ftp stream tcp nowait root /usr/sbin/ftpd ftpd

   # vi /etc/hosts.allow
       ftpd: 10.157.175.92

   # vi /etc/hosts.deny
       ftpd: ALL

   # ps -ef | grep inetd
   root 533543 524289 0.0 Jun 09 ?? 0:00.00 /usr/sbin/inetd
   root 533544 533543 0.0 Jun 09 ?? 0:01.10 -child (inetd)
   root 577893 570423 0.0 14:50:18 pts/1 0:00.00 grep inetd

   # kill -HUP 533543
   (each time you modify /etc/inetd.conf, you must use this command
   to send the signal to inetd)

   # ftp localhost       (localhost is blocked)
   Connected to localhost.
   421 Service not available, remote server has closed connection
   ftp>

   # ftp tpes40-1.abc.com       (this is connected from 10.157.175.92)
   Connected to tpes40-1.abc.com.
   220 tpes40-1.abc.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.
   Name (tpes40-1.abc.com:root):

   # ftp tpes40-1.abc.com       (this is blocked from any other machine)
   Connected to tpes40-1.abc.com.
   421 Service not available, remote server has closed connection
   ftp>

   ### Other services controlled by /etc/inetd.conf can follow
   ### the same kind of rules.
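
Added example (not part of the original instructions): a small audit that lists which services in an inetd.conf-format file are started through tcpd, and which daemon name to use for each in /etc/hosts.allow and /etc/hosts.deny. The function names audit_inetd and sample_inetd_conf are made up for this example, and the telnet and daytime lines in the sample are constructed.

```shell
#!/bin/sh
# Added example: report which inetd services are started through tcpd.

# audit_inetd [FILE...] reads inetd.conf-format text (stdin if no file)
# and prints one line per service that runs an external program:
#   WRAPPED   <service> <daemon name to use in hosts.allow/hosts.deny>
#   UNWRAPPED <service> <server program>
audit_inetd() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }    # comments, blank or short lines
        $6 == "internal"    { next }    # inetd built-ins run no external program
        {
            n = split($6, prog, "/")
            if (prog[n] == "tcpd") {
                # tcpd matches rules against the basename of the wrapped daemon
                m = split($7, real, "/")
                print "WRAPPED", $1, real[m]
            } else {
                print "UNWRAPPED", $1, $6
            }
        }' "$@"
}

# Constructed sample: the ftp line is the wrapped entry from step 5;
# the telnet and daytime lines are made up for illustration.
sample_inetd_conf() {
    cat <<'EOF'
# service socket proto wait user server args
ftp     stream tcp nowait root /usr/local/bin/tcpd /usr/sbin/ftpd
telnet  stream tcp nowait root /usr/sbin/telnetd telnetd
daytime stream tcp nowait root internal
EOF
}

sample_inetd_conf | audit_inetd
```

On a real system, run it as "audit_inetd /etc/inetd.conf"; every UNWRAPPED line is a service that /etc/hosts.allow and /etc/hosts.deny do not control.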

   # man 5 hosts_access
   (this can help you configure /etc/hosts.allow and /etc/hosts.deny)

########################################################################
###                                                                  ###
###   Hope you enjoy the TCP wrapper (tcpd) for access control!      ###
###                                                                  ###
########################################################################