|
|
这篇文档用于在aix系统上允许与拒绝某一个或多个IP地址的telnet和ftp等服务,并可以对拒绝和允许的登陆信息进行日志记录。该技术可用于aix系统的内网安全策略的定制。该工具功能强大,还有很多有待大家来挖掘。。
Tcp_Wrapper在AIX上的安装和使用
第一步:下载
第二步:安装
第三步:配置
第四步:测试
正文 第一步:下载
http://ftp.univie.ac.at/aix/downloa...ers-7.6.1.0.exe
第二步:安装
# ls
tcp_wrappers-7.6.1.0.exe
# chmod +x *exe
# ./tcp_wrappers-7.6.1.0.exe
UnZipSFX 5.32 of 3 November 1997, by Info-ZIP (Zip-Bugs@lists.wku.edu).
inflating: tcp_wrappers-7.6.1.0.bff
inflating: tcp_wrappers-7.6.1.0.bff.asc
# inutoc .
# installp -aXgd . all
+--------------------------------------------------------------------+
Pre-installation Verification...
+--------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
SUCCESSES
---------
Filesets listed in this section passed pre-installation verification
and will be installed.
Selected Filesets
-----------------
freeware.tcp_wrappers.rte 7.6.1.0 # ----TCP/IP daemon security wrapp...
<< End of Success Section >>
FILESET STATISTICS
------------------
1 Selected to be installed, of which:
----1 Passed pre-installation verification
----
1 Total to be installed
+--------------------------------------------------------------------+
Installing Software...
+--------------------------------------------------------------------+
installp: APPLYING software for:
--------freeware.tcp_wrappers.rte 7.6.1.0
. . . . . << Copyright notice for freeware.tcp_wrappers >> . . . . . . .
TCP WRAPPERS, version 7.6
Copyright (C) 1997 by Wietse Venema. All rights reserved.
(Some individual files may be covered by other copyrights.)
Plaese refer to the DISCLAIMER file delivered in the directory
/usr/local/lib/tcp_wrappers-7.6 for complete details. The README file
delivered in the same directory should also be read.
Packaging is Copyright (C) 1999 BULL SA. This LPP may not be redistributed
comercially. No warranty or support in any form is offered with this
LPP.
. . . . . << End of copyright notice for freeware.tcp_wrappers >>. . . .
Finished processing all filesets. (Total time: 2 secs).
+-------------------------------------------------------------------+
Summaries:
+-------------------------------------------------------------------+
Installation Summary
--------------------
Name ------------------------Level ----Part---- -Event -----Result
--------------------------------------------------------------------
freeware.tcp_wrappers.rte -7.6.1.0 ----USR ------APPLY ----SUCCESS
第三步:配置
# vi /etc/inetd.conf
modifty the two lines from
ftp ----stream -tcp6 -nowait -root -/usr/sbin/ftpd -----ftpd
telnet -stream -tcp6 -nowait -root -/usr/sbin/telnetd -telnetd -a
to the following
ftp ----stream -tcp6 -nowait -root -/usr/local/bin/tcpd -ftpd
telnet -stream -tcp6 -nowait -root -/usr/local/bin/tcpd -telnetd -a
# vi /etc/hosts.deny
all:all
# vi /etc/hosts.allow
telnetd:192.168.0.201:allow
ftpd:192.168.0.201:allow
# refresh -s inetd
第四步:测试
# /usr/local/bin/tcpdmatch ftpd 9.185.43.221
client: address 9.185.43.221
server: process ftpd
access: denied
# /usr/local/bin/tcpdmatch ftpd 192.168.0.201
client: address 192.168.0.201
server: process ftpd
access: granted
# /usr/local/bin/tcpdmatch telnetd 9.185.43.221
client: address 9.185.43.221
server: process ftpd
access: denied
# /usr/local/bin/tcpdmatch telnetd 192.168.0.201
client: address 192.168.0.201
server: process ftpd
access: granted |
|
