Provided by: manpages-ja_0.5.0.0.20110915-1_all

NAME

       hosts_access -

DESCRIPTION

        (/ )  (/) ""

        hosts_options(5)  -DPROCESS_OPTIONS

       daemon client inetd

ACCESS CONTROL FILES


       o      (daemon,client)  /etc/hosts.allow

       o      (daemon,client)  /etc/hosts.deny

       o

ACCESS CONTROL RULES

       0

       o

       o       `#'

       o        [] :

                 daemon_list : client_list [ : shell_command ]

       daemon_list  (argv[0] )  ()

       client_list  ()

         daemon@host   user@host   SERVER  ENDPOINT  PATTERNS  CLIENT USERNAME
       LOOKUP

       NIS ( YP)  netgroup

PATTERNS


       o      `.'  `.tue.nl' `wzv.win.tue.nl'.

       o      `.'  `131.155.' Eindhoven University network (131.155.x.x)  ()

       o      `@' NIS ( YP)

       o      `n.n.n.n/m.m.m.m'    `net/mask'    `net'     `mask'     net/mask
              `131.155.72.0/255.255.254.0' `131.155.72.0'  `131.155.73.255'

WILDCARDS

        :

       ALL

       LOCAL

       UNKNOWN

              :

       KNOWN

              :

       PARANOID
               tcpd -DPARANOID ()  -DPARANOID  tcpd

OPERATORS

       EXCEPT :  `list_1  EXCEPT  list_2';  list_2 list_1  EXCEPT daemon_lists
              client_lists EXCEPT (): `a EXCEPT b  EXCEPT  c'  `(a  EXCEPT  (b
              EXCEPT c))'

SHELL COMMANDS

        %<letter> ( ) /bin/sh /dev/null  `&'

       inetd  PATH  PATH=whatever

       hosts_options(5)

% EXPANSIONS

       :

       %a (%A)
               ()

       %c     : user@host, user@address.

       %d      (argv[0] )

       %h (%H)
               ()

       %n (%N)
               ()  ("unknown"  "paranoid")

       %p      id

       %s     : daemon@host, daemon@address,

       %u      ("unknown")

       %%      `%'

       %

SERVER ENDPOINT PATTERNS

        :

          process_name@host_pattern : client_list ...

         FTP, GOPHER  WWW hosts_options(5)  `twist'  (Solaris, FreeBSD) ( SLIP
       PPP  )

       host_pattern client_lists server endpoint  information  ()  connection-oriented services ()

CLIENT USERNAME LOOKUP

        RFC 931 (TAP, IDENT, RFC 1413) :

          daemon_list : ... user_pattern@host_pattern ...

        ()  daemon_list  host_pattern

       user_pattern ( )

       o       ALL  (UN)KNOWN

       o       TCP  "unknown"

       o       UNIX wrapper  README

       o      non-UNIX 10 : PC

        :

          daemon_list : @pcnetgroup ALL@ALL

        PC

DETECTING ADDRESS SPOOFING ATTACKS

        TCP/IP  sequence number generator IDENT (RFC931 )

       TCP IDENT

        IDENT IDENT ( `UNKNOWN@host')

        IDENT  ( `KNOWN@host') IDENT  IDENT

       Note: IDENT  UDP

EXAMPLES


       allow  deny

         network/netmask

MOSTLY CLOSED ()


       (no access) deny file :

       /etc/hosts.deny:
          ALL: ALL

       allow file

       allow file :

       /etc/hosts.allow:
          ALL: LOCAL @some_netgroup
          ALL: .foobar.edu EXCEPT terminalserver.foobar.edu

       ( `.') some_netgroup terminalserver.foobar.edu.  foobar.edu ()

MOSTLY OPEN ()


       (access granted)  allow file deny file :

       /etc/hosts.deny:
          ALL: some.host.name, .some.domain
          ALL EXCEPT in.fingerd: other.host.name, .other.domain

         finger

BOOBY TRAPS ()

       ( ) tftp finger

       /etc/hosts.allow:
          in.tftpd: LOCAL, .my.domain

       /etc/hosts.deny:
          in.tftpd: ALL: (/some/where/safe_finger -l @%h | \
               /usr/ucb/mail -s %d-%h root) &

       safe_finger  tcpd wrapper  finger  finger

       %h (client host)  %d (service name) shell commands

       : finger finger  booby-trap ()

         tftp  ""

DIAGNOSTICS

        %<letter> syslog

FILES

       /etc/hosts.allow,  (daemon,client)
       /etc/hosts.deny,  (daemon,client)

SEE ALSO

       tcpd(8) tcp/ip daemon wrapper
       tcpdchk(8), tcpdmatch(8), test programs.

BUGS


         NIS ( YP)

AUTHOR

       Wietse Venema (wietse@wzv.win.tue.nl)
       Department of Mathematics and Computing Science
       Eindhoven University of Technology
       Den Dolech 2, P.O. Box 513,
       5600 MB Eindhoven, The Netherlands

       FUKUSHIMA Osamu/ <fuku@amorph.rim.or.jp>

                                                               HOSTS_ACCESS(5)