From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Apr  4 20:41:10 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id UAA19133;
	Wed, 4 Apr 2001 20:41:10 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from meadow.scphys.kyoto-u.ac.jp (meadow.scphys.kyoto-u.ac.jp [130.54.54.165])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id UAA19128
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 4 Apr 2001 20:41:09 +0900 (JST)
	(envelope-from amorita@meadow.scphys.kyoto-u.ac.jp)
Received: (qmail 90706 invoked from network); 4 Apr 2001 11:40:38 -0000
Received: from localhost (HELO meadow.scphys.kyoto-u.ac.jp) (127.0.0.1)
  by localhost with SMTP; 4 Apr 2001 11:40:38 -0000
To: FreeBSD-users-jp@jp.freebsd.org
X-cite: xcite 1.31
References: <4.3.2-J.20010404193833.00bd4ca0@zenon.rite.or.jp>
From: Akio Morita <amorita@meadow.scphys.kyoto-u.ac.jp>
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: text/plain; charset=ISO-2022-JP
Date: 04 Apr 2001 20:40:37 +0900
In-Reply-To: <4.3.2-J.20010404193833.00bd4ca0@zenon.rite.or.jp>
 (Tetuya Saito's message of "Wed, 04 Apr 2001 20:16:26 +0900")
Message-ID: <85zodwq4ei.fsf@meadow.scphys.kyoto-u.ac.jp>
Lines: 104
User-Agent: T-gnus/6.14.6 (based on Gnus v5.8.8) (revision 04) SEMI/1.13.7 (Awazu) FLIM/1.13.2 (Kasanui) Emacs/20.6 (i386-unknown-freebsdelf3.4) MULE/4.0 (HANANOEN)
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 60570
Subject: [FreeBSD-users-jp 60570] Re: About TCP_WRAPPER
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: amorita@meadow.scphys.kyoto-u.ac.jp

$B?9ED!w5~Bg$G$9(B

Tetuya Saito(tetuya@rite.or.jp)$B$5$s$O!"(B
Wed, 04 Apr 2001 20:16:26 +0900$B$K(B
$B!V(B[FreeBSD-users-jp 60569] TCP_WRAPPER $B$K$D$$$F(B $B!W$N(BMessage$B$G=q$-$^$7$?(B

$B!d$_$J$5$s!"$3$s$P$s$o(B
$B!d(B
$B!d@FF#(B@RITE$B$G$9(B
$B!d(B
$B!d:#2s!"(BFreeBSD$B!!(B4.2STABLE$B$G%G%'%U%)%k%H$G%$%s%9%H!<%k$5$l$F$$$k(B
$B!d(BTCP_WRAPPER$B$N@_Dj$r9T$C$F$$$^$9!#(B
$B!d<+J,$NCf$G!"?'!9!";n9T:x8m$7$J$,$i@_Dj$r$7$F$$$?$N$G$9$,(B
$B!d$I$&$7$F$b!"$o$+$i$J$$ItJ,$,=P$F$^$$$j$^$7$F!"3F<1<T$N3'MM$K!"%"%I%P%$%9$r(B
$B!d$A$g$&$@$$$7$?$/!"%a!<%k$r=q$$$F$*$j$^$9!#(B
$B!d(B
$B!d;d$N5M$^$C$F$$$k2U=j$O2<5-$NDL$j$G$9!"<1<T$N3'MM$4=u8@$h$m$7$/$*4j$$?=$7>e$2(B 
$B!d$^$9!#(B
$B!d(B
$B!d#1!%(B/etc/ined.conf$B5Z$S(Bhosts.allow$B$N@_Dj$O2<5-$N$h$&$K@_Dj$7$^$7$?!#(B
$B!d(BInetd.conf$B$N@_Dj(B
(snip)
$B!d(Bhosts.allow
$B!d(Ball:    127.0.0.1
$B!d(Btelnetd         :192.168.2.246 192.168.4.251 192.168.1.4
$B!d(Bftpd            :192.168.2.246 192.168.4.251 192.168.1.1
$B!d(Bcomsat          :192.168.2.246
$B!d(Bfingerd         :192.168.2.246
$B!d(Bsshd            :192.168.2.246 192.168.4.251
$B!d$3$N>uBV$G!"(Btcpdchk$B$r<B9T$9$k$H(B
$B!d(Bwarning: /etc/hosts.allow, line 10: sshd: service possibly not wrapped
$B!d$H=PNO$5$l$^$9!#$3$l$O!"%G%'%U%)%k%H$G%$%s%9%H!<%k$5$l$F$$$k!"(BOpenSSH_2.3.0
$B!d$,(BTCP_WRAPPER$B$r(Benable$B$K$;$:$K(Bmake$B$5$l$F$$$k$?$a$J$N$G$7$g$&$+!)(B
$B!d(B
tcpdchk$B$O!"(B/etc/hosts.(allow|deny)$B$r8!::$9$k:]$K(B daemon$B$NBEEv@-$r(B
$B8!>Z$9$k$N$K(B /etc/inetd.conf$B$N$_$rMQ$$$k$?$a(B /etc/inetd.conf$B$K(B
$B8=$l$J$$(B sshd daemon$B$KBP$7$F7Y9p$r=P$7$F$$$k(B

$B!d#2!%(Bportmap$B%G!<%b%s$O(BNIS$B5Z$S(BNFS$B$r;H$o$J$$8B$j!";HMQ$7$J$$$N$G$7$g$&$+!)(B
$B!d(B
NIS/NFS$B0J30$K(B RPC$B$r;HMQ$9$k$b$N$,$$$k$J$i$PI,MW(B
$B!t(BNIS/NFS$B0J30$GNI$/;H$o$l$k$b$N$O$"$^$jL5$$$H;W$&(B

$B!d(Bhosts.allow$B$r2<5-$N$h$&$K@_Dj$7$F$_$^$7$?!#(B
$B!d(Bhosts.allow
$B!d(Ball:    127.0.0.1
$B!d(Btelnetd         :192.168.2.246 192.168.4.251 192.168.1.4
$B!d(Bftpd            :192.168.2.246 192.168.4.251 192.168.1.1
$B!d(Bcomsat          :192.168.2.246
$B!d(Bfingerd         :192.168.2.246
$B!d(Bsshd            :192.168.2.246 192.168.4.251
$B!d(Bportmap	:192.168.2.246 192.168.4.251
$B!d$3$N>uBV$G!"(Btcpdchk$B$r<B9T$9$k$H!"(B
$B!d(Bwarning: /etc/hosts.allow, line 11: portmap: service possibly not wrapped
$B!d$H=PNO$5$l$^$9!#$3$l$O!">e5-(B1$B$N<ALd$G!"(BRPC based services $B$NItJ,$,(B
$B!d%3%a%s%H%"%&%H$5$l$F$$$k$;$$$J$N$+$H9M$(!"%3%a%s%H%"%&%H$r$O$:$7$F(B
$B!d(Btcpdchk$B$r<B9T$7$F$_$?$N$G$9$,!"7k2L$OF1$8$G$7$?!#(B
$B!d(B
$B$3$N7Y9p$N860x$O!"(B(1)$B$N(B sshd$B$HF1MM(B

$B!d$$$m$$$m$J!"%[!<%`%Z!<%8Ey$r8!:w$7$F$_$k$H!"(Bportmap$B$O(BNIS$B5Z$S(BNFS$B$K$*$$$F(B
$B!d;HMQ$9$k%W%m%H%3%k$J$N$G!"(BNIS$B5Z$S(BNFS$B$r;HMQ$7$J$$>l9g$O!"%W%m%;%9$r;_$a$F$*$$(B 
$B!d$?J}$,$h$$(B
$B!d$H5-=R$7$F$"$k%[!<%`%Z!<%8$,$"$C$?$N$G$9$,!"K\Ev$K$=$l$@$1$J$N$G$7$g$&$+!)(B
$B!d(B
$B>/$70c$&5$$,$9$k(B
o portmap$B$O!"(BNIS/NFS$BEy$G;H$o$l$k(B RPC$B8F=P$7$r2r7h$9$k(B daemon$B$G$"$k(B
o RPC$B$,MxMQ$5$l$J$$>l9g$O!"(Bportmap daemon$B$OI,MW$J$$(B
o $B;HMQ$7$J$$(B daemon$B$,F0$$$F$$$k>l9g!"$$$+$NM}M3$+$iDd;_$9$Y$-$G$"$k(B
    i. Socket/Memory/Process$B;q8;$NL5BL(B
   ii. daemon$B$KL$CN$N(B security hole$B$,;D$C$F$$$l$P?/F~$5$l$k(B
  iii. service$B$,B8:_$9$k$N$G!"$=$l$rMW5a$9$k$3$H$G(B DoS$B967b$,@.N)(B
       ($B>/$J$/$H$b(B CPU$B;q8;$rO2Hq$5$;$i$l$k(B)

$B!d#3!%(BTCP_WRAPPER$B$N1F6A$r5Z$\$9HO0O$K$D$$$F(B
$B!d;d$,!";HMQ$7$F$$$k(BFreeBSD$B!!(B4.2STABLE$B$O8=9T$G!"(BTCP_WRAPPER$B$,(Binetd$B$KAH$_9~$^$l(B 
$B!d$F$$$k(B
$B!d$H;W$&$N$G$9$,!"$G$O!"(Binetd$B$+$i5/F0$7$J$$$b$N$K$O!"(BTPC_WRAPPER$B$O1F6A$r5Z$\$5(B 
$B!d$J$$$N$G$7$g$&$+!)(B
$B!d(B
o inetd$BAH$_9~$_$N(B TCP_WRAPPER$B$O1F6A$r5Z$\$5$J$$(B
o $BC1FH5/F0$9$k(B daemon$B$N$&$A!"FH<+$K(B libwrap$B$rMxMQ$7$F$$$k$b$N$O!"(B
  inetd$B$H$O4X78$J$/(B TCP_WRAPPER$B$N1F6A$r<u$1$k(B
$B!t(B/etc/hosts.(allow|deny)$B$NFI$_9~$_%?%$%_%s%0$,0c$&$3$H$KCm0U(B!!
$B!t(B/etc/hosts.(allow|deny)$B99?7;~$K$O(B libwrap$B$rMxMQ$9$k(B daemon$B$N$&$A(B
$B!tJQ99FbMF$,4XM?$9$k$9$Y$F$N(B daemon$B$KBP$7$F(B TCP_WRAPPER$B$N=i4|2=$,I,MW(B
$B!t(Binetd$B$X(B HUP signal$B$rAw$k$N$b$=$N0l$D$G$7$+$J$$(B

$B!d(BFreeBSD$B%7%9%F%`4IM}F~Lg!!(BP89$B%Z!<%8$K$h$j$^$9$H(Bsendamil$B5Z$S(Bportmap$B$O(Blibwrap.a 
$B!d$,%j%s%/$5$l$F$$$k$N$G(B
$B!d(Bhosts.allow$B$K(B
$B!d(Bsendmail$B!'(BALL$B!'(Ballow
$B!d(Bportmap$B!'(BALL$B!'(Ballow$BEy$N@_Dj$,I,MW$G$"$k$HL@5-$5$l$F$$$k$N$G$9$,!"$3$l$rDj5A$7!d(Btcpdchk$B$r<B9T$9$k$H(B
$B!d(Bsendmail: service possibly not wrapped
$B!d(Bportmap: service possibly not wrapped
$B!d$H7Y9p$,=PNO$5$l$^$9!#$3$l$O!"5$$K$7$J$/$F$b$$$$$N$G$7$g$&$+!)(B
$B!d$=$l$H$b!";d$N@_Dj$,$$$1$J$$$N$G$7$g$&$+!)(B
$B!d(B
(1)$B$N(B sshd$B$HF1MM(B

--
#  Akio Morita (森田 昭夫 -- Graduate School of Science, Kyoto University, D3)
#   E-mail:  amorita@meadow.scphys.kyoto-u.ac.jp
#  WebPage:  http://misao.kuicr.kyoto-u.ac.jp/amorita/
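
Added example, not part of the original mail and not tcpdchk's own code: a simplified Python model of the behaviour described in answers (1) and (3), which compares the daemon names in hosts.allow with the active entries of inetd.conf and goes one step further by marking standalone daemons that the administrator knows to be linked with libwrap. Assumptions: the inetd.conf content is constructed (the mail snipped the real one), the function names are hypothetical, and the `standalone_libwrap` set is supplied by the caller (here it follows the book claim quoted in the mail).

```python
# Constructed inetd.conf sample (assumption: the real file was snipped in the mail).
INETD_CONF = """\
ftp     stream  tcp  nowait  root     /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root     /usr/libexec/telnetd  telnetd
comsat  dgram   udp  wait    tty:tty  /usr/libexec/comsat   comsat
finger  stream  tcp  nowait  nobody   /usr/libexec/fingerd  fingerd -s
#rstatd dgram   rpc/udp wait root     /usr/libexec/rpc.rstatd rpc.rstatd
"""
# hosts.allow rules as quoted in the mail (the real file's comment lines are unknown).
HOSTS_ALLOW = """\
all:    127.0.0.1
telnetd         :192.168.2.246 192.168.4.251 192.168.1.4
ftpd            :192.168.2.246 192.168.4.251 192.168.1.1
comsat          :192.168.2.246
fingerd         :192.168.2.246
sshd            :192.168.2.246 192.168.4.251
portmap         :192.168.2.246 192.168.4.251
"""

def inetd_daemons(text):
    """Process names (basename of the server path) of active inetd.conf entries."""
    names = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#") or fields[5] == "internal":
            continue  # blank, commented-out, malformed or built-in service
        names.add(fields[5].rsplit("/", 1)[-1])
    return names

def hosts_allow_daemons(text):
    """Yield (line number, daemon name) for every non-wildcard daemon in a rule."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]
        if ":" not in line:
            continue
        for tok in line.split(":", 1)[0].replace(",", " ").split():
            name = tok.split("@", 1)[0]          # daemon@host form
            if name.upper() not in ("ALL", "EXCEPT"):
                yield lineno, name

def audit(allow_text, inetd_text, standalone_libwrap=()):
    """Map each daemon named in hosts.allow to how (or whether) it is wrapped."""
    via_inetd = inetd_daemons(inetd_text)
    return {name: "inetd" if name in via_inetd
            else "standalone-libwrap" if name in standalone_libwrap  # warned, rule still applies
            else "unknown"                       # check the binary before trusting the rule
            for _, name in hosts_allow_daemons(allow_text)}
```

A daemon reported as `unknown` is one for which the inetd.conf lookup says nothing either way; whether its hosts.allow rule is enforced depends on whether that binary itself uses libwrap.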
