tcpdmatch(1) tcpdmatch(1)
NAME [Toc] [Back]
tcpdmatch - evaluate tcp wrapper service requests
SYNOPSYS [Toc] [Back]
/usr/bin/tcpdmatch [-d] [-i inet_conf] daemon client
/usr/bin/tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client
DESCRIPTION [Toc] [Back]
tcpdmatch predicts how the tcp wrapper would handle a specific request
for service. Examples are given below.
The program examines the tcpd access control tables (default
/etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For
maximum accuracy, it extracts additional information from the inetd
configuration file.
When tcpdmatch finds a match in the access control tables, it
identifies the matched rule. In addition, it displays the optional
shell commands or options in a printable format. The display helps
you find any discrepancies between what you want and what tcpdmatch
understands for the access control rules.
Arguments [Toc] [Back]
The daemon and client arguments are always required.
daemon A daemon process name. Typically, the last component of a
daemon executable pathname.
client A host name or network address, or one of the `unknown' or
`paranoid' wildcard patterns.
When a client host name is specified, tcpdmatch gives a
prediction for each address listed for that client.
When a client address is specified, tcpdmatch predicts what
tcpd would do when the client name lookup fails.
Optional information specified with the daemon@server form:
server A host name or network address, or one of the `unknown' or
`paranoid' wildcard patterns. The default server name is
`unknown'.
Optional information specified with the user@client form:
user A client user identifier. Typically, a login name or a
numeric userid. The default user name is `unknown'.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
tcpdmatch(1) tcpdmatch(1)
Options [Toc] [Back]
-d Examine hosts.allow and hosts.deny files in the current
directory instead of the default ones.
-i inet_conf
Specify this option when tcpdmatch is unable to find your
inetd.conf configuration file, or when you suspect that
tcpdmatch is using the wrong file. inet_conf is the path
name of the inetd.conf configuration file whose entries you
want to examine.
EXAMPLES [Toc] [Back]
To predict how tcpd would handle a telnet request from the local
system:
tcpdmatch telnetd localhost
The same request, pretending that hostname lookup failed:
tcpdmatch telnetd 127.0.0.1
To predict what tcpd would do when the client name does not match the
client address:
tcpdmatch telnetd paranoid
AUTHOR [Toc] [Back]
Wietse Venema ([email protected]),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
FILES [Toc] [Back]
The default locations of the tcpd access control tables are:
/etc/hosts.allow (daemon, client) pairs that are granted
access.
/etc/hosts.deny (daemon, client) pairs that are denied
access.
SEE ALSO [Toc] [Back]
tcpdchk(1), tcpd configuration checker.
inetd.conf(4), format of the inetd control file.
hosts_access(5), format of the tcpd access control tables.
hosts_options(5), format of the language extensions.
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003 [ Back ] |
