
TCP Wrappers

TCP wrappers provides limited, connection-oriented, host-based firewall functionality with which connections can be denied or accepted based on the originating host. Connection attempts are logged using syslog(3C). OpenSSH uses this functionality by linking in the libwrap library.

TCP wrappers depends on the name and IP address information returned by the name services, such as DNS. It cannot stop low-level network-based attacks, such as port scanning, IP spoofing, or denial of service. For those, a packet-based firewall solution such as SunScreen™ software is necessary.

The Solaris 9 OE has TCP wrappers integrated into it as package SFWtcpd, which is located in the /usr/sfw directory. For the Solaris 8 OE, TCP wrappers can be found on the Software Companion CD (starting in the Solaris 8 10/00 release). For the Solaris 2.6 and 7 OE releases, TCP wrappers must be downloaded and built from the source. TCP wrappers is not required to build OpenSSH.
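The accept-or-deny decision described above, as an added example (not code from this article or from libwrap): a simplified Python model of the hosts_access(5) lookup order, run over constructed rules. It assumes IPv4 only and handles just the ALL, name-suffix, address-prefix, net/mask, and exact-match patterns; the function names and sample hosts are hypothetical.

```python
import ipaddress

# Constructed sample rules in hosts_access(5) syntax: daemon_list : client_list
HOSTS_ALLOW = """
# address-based rule
sshd : 192.168.10.0/255.255.255.0
# name-based rule: the decision rests on what the name service returned
sshd : .admin.example.com
"""
HOSTS_DENY = """
ALL : ALL
"""

def client_matches(pattern, name, addr):
    """Match one client pattern against the peer's resolved name and address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                 # host name suffix
        return name is not None and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):                   # address prefix such as "10.1."
        return addr.startswith(pattern)
    if "/" in pattern:                          # net/mask pair
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr or (name is not None and pattern.lower() == name.lower())

def file_matches(rules, daemon, name, addr):
    """Return True if any rule in one access file matches (daemon, client)."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if not ("ALL" in daemons or daemon in daemons):
            continue
        if any(client_matches(p, name, addr) for p in clients):
            return True
    return False

def access_granted(daemon, name, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means grant."""
    if file_matches(allow, daemon, name, addr):
        return True
    if file_matches(deny, daemon, name, addr):
        return False
    return True
```

With an empty deny file every unmatched client is granted access, which is why the constructed hosts.deny above ends with `ALL : ALL`.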

Building TCP Wrappers

This section contains procedures for building the TCP wrappers software.

To Build TCP Wrappers

  • For the Forte C Compiler

  1. Change directories to the tcp_wrappers_x.x directory.

  2. Use the following command to build the TCP wrappers software.

    $ make REAL_DAEMON_DIR=/usr/sbin sunos5 \
    STYLE="\"-xO5 -xdepend -xprefetch -dalign -xlibmil -xunroll=5 \""

    NOTE

    If the target machines are without an UltraSPARC II or III processor, omit the -xprefetch flag.

  • For the GNU C Compiler

  1. Change directories to the tcp_wrappers_x.x directory.

  2. Use the following command to build the TCP wrappers software.

    $ make REAL_DAEMON_DIR=/usr/sbin sunos5

To Install TCP Wrappers

TCP wrappers does not have an automated install script. OpenSSH requires only two files from the distribution: libwrap.a and tcpd.h.

  1. Become the superuser.

  2. Copy the libwrap.a file to the /usr/local/lib directory.

  3. Copy the tcpd.h file to the /usr/local/include directory.

  4. Change the ownership and permissions with the following commands.

    # chown root:other /usr/local/lib/libwrap.a /usr/local/include/tcpd.h
    # chmod 755 /usr/local/lib/libwrap.a /usr/local/include/tcpd.h
