
new package: tcpwrappers 7.6k (TCP Wrappers Toolkit)

Ralf S. Engelschall 22 år sedan
förälder
incheckning
2bf2fa2c4d
3 ändrade filer med 248 tillägg och 0 borttagningar
  1. 34 0
      tcpwrappers/hosts.allow
  2. 93 0
      tcpwrappers/tcpwrappers.patch
  3. 121 0
      tcpwrappers/tcpwrappers.spec

+ 34 - 0
tcpwrappers/hosts.allow

@@ -0,0 +1,34 @@
+##
+##  hosts.allow -- TCP Wrappers Host Access Control List
+##
+
+#   NOTE: The hosts.deny file is deprecated. Place both 'allow' and
+#   'deny' rules in the hosts.allow file. See hosts_options(5) for the
+#   format of this file. hosts_access(5) no longer fully applies.
+
+#   Start by allowing everything (this prevents the rest of the file
+#   from working, so remove it when you need protection).
+#   The rules here work on a "First match wins" basis.
+ALL : ALL : allow
+
+#   OpenSSH sshd(8)
+#sshd : .evil.cracker.example.com : deny 
+
+#   Protect against simple DNS spoofing attacks by checking that the
+#   forward and reverse records for the remote host match. If a mismatch
+#   occurs, access is denied, and any positive ident response within 20
+#   seconds is logged. No protection is afforded against DNS poisoning,
+#   IP spoofing or more complicated attacks. Hosts with no reverse DNS
+#   pass this rule.
+#ALL : PARANOID : RFC931 20 : deny
+
+#   Allow anything from localhost. Note that an IP address (not a host
+#   name) *MUST* be specified for portmap(8).
+#ALL : localhost 127.0.0.1 : allow
+#ALL : my.machine.example.com 192.168.0.1 : allow
+
+#   The rest of the daemons are protected.
+ALL : ALL \
+    : severity auth.info \
+    : twist /bin/echo "You are not welcome to use %d from %h."
+
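Review bot: The installed default is fail-open. `ALL : ALL : allow` is the first active rule and the file's own comment says matching is first-match-wins, so the closing `ALL : ALL : severity auth.info : twist ...` rule, and any `deny` rule an administrator later uncomments below the catch-all, is never evaluated. If a permissive first install is deliberate, the comment above the rule should say so in operational terms, for example `#   WARNING: while this rule is active no rule below it is evaluated; comment it out before adding any 'deny' rule.` Otherwise consider shipping the catch-all commented out with `ALL : localhost 127.0.0.1 : allow` active, so that the final logging rule is reachable.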

+ 93 - 0
tcpwrappers/tcpwrappers.patch

@@ -0,0 +1,93 @@
+Index: Makefile
+--- Makefile.orig	2003-01-03 19:52:40.000000000 +0100
++++ Makefile	2003-10-21 12:08:03.000000000 +0200
+@@ -128,12 +128,12 @@
+ 386bsd netbsd bsdos:
+ 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ 	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
+-	EXTRA_CFLAGS=VSYSLOG= all
++	EXTRA_CFLAGS= VSYSLOG= all
+ 
+ freebsd:
+ 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+ 	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
+-	EXTRA_CFLAGS=VSYSLOG= all
++	EXTRA_CFLAGS=-I. VSYSLOG= all
+ 
+ linux:
+ 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+Index: tcpd.h
+--- tcpd.h.orig	2003-01-05 02:15:59.000000000 +0100
++++ tcpd.h	2003-10-21 12:08:03.000000000 +0200
+@@ -7,6 +7,8 @@
+ #ifndef TCP_WRAPPERS_HEADER
+ #define TCP_WRAPPERS_HEADER
+ 
++#include <sys/types.h>
++#include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <netdb.h>
+ 
+Index: fix_options.c
+--- fix_options.c.orig	2003-01-05 02:27:10.000000000 +0100
++++ fix_options.c	2003-10-21 12:08:31.000000000 +0200
+@@ -47,7 +47,14 @@
+ 	clean_exit(request);
+     }
+     if (ADDR_FAM(&ss) == AF_INET) {
++#if defined(__FreeBSD__) || defined(__sun__)
++        unsigned char optbuf[BUFFER_SIZE / 3];
++        int optlen;
++        struct in_addr dummy;
++        unsigned char *ucp;
++#else
+         struct ip_opts optbuf;
++#endif
+         char lbuf[BUFFER_SIZE], *lp, *cp;
+         struct   protoent *ip;
+         int optsize = sizeof(optbuf);
+@@ -65,9 +72,15 @@
+ 	     * here was wrong.
+ 	     */
+ 
++#if defined(__FreeBSD__) || defined(__sun__)
++#define ADDR_LEN sizeof(dummy.s_addr)
++            for (ucp = optbuf + ADDR_LEN; ucp < optbuf + optsize; ucp += optlen) {
++                u_char c = ucp[IPOPT_OPTVAL];
++#else
+             for (i = 0; (void *)&optbuf.ip_opts[i] - (void *)&optbuf <
+ 	         optsize; ) {
+ 	        u_char c = (u_char)optbuf.ip_opts[i];
++#endif
+ 		if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
+ 		    syslog(LOG_WARNING,
+ 		      "refused connect from %s with IP source routing options",
+@@ -77,7 +90,17 @@
+ 		}
+ 		if (c == IPOPT_EOL)
+ 		    break;
++#if defined(__FreeBSD__) || defined(__sun__)
++                if (c == IPOPT_NOP)
++                    optlen = 1;
++                else {
++                    optlen = cp[IPOPT_OLEN];
++                    if (optlen <= 0) /* Do not loop! */
++                        break;
++                }
++#else
+ 		i += (c == IPOPT_NOP) ? 1 : (u_char)optbuf.ip_opts[i+1];
++#endif
+             }
+ 	
+ 	    lp = lbuf;
+Index: internal.h
+--- internal.h.orig	2003-01-05 00:37:53.000000000 +0100
++++ internal.h	2003-10-21 12:08:03.000000000 +0200
+@@ -7,6 +7,7 @@
+ #ifndef IMPL_HEADER
+ #define IMPL_HEADER
+ 
++#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <stdio.h>
+ #include <string.h>
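Review bot: In the `__FreeBSD__`/`__sun__` branch of the fix_options.c hunk, the option length is read with `optlen = cp[IPOPT_OLEN];`, but the loop walks the buffer with `ucp`. `cp` is the `char *` declared next to `lbuf`, and no visible line assigns it before this loop, so the line should read `optlen = ucp[IPOPT_OLEN];`. As written the stride comes from an unrelated and possibly uninitialized pointer, so the scan for `IPOPT_LSRR`/`IPOPT_SSRR` can stop early or step past `optbuf + optsize`, which weakens the source-routing refusal this code exists to enforce. It is also worth confirming that `ucp + IPOPT_OLEN` is still below `optbuf + optsize` before the length byte is read. The enclosing function starts and ends outside the hunk.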

+ 121 - 0
tcpwrappers/tcpwrappers.spec

@@ -0,0 +1,121 @@
+##
+##  tcpwrappers.spec -- OpenPKG RPM Specification
+##  Copyright (c) 2000-2003 The OpenPKG Project <http://www.openpkg.org/>
+##  Copyright (c) 2000-2003 Ralf S. Engelschall <rse@engelschall.com>
+##  Copyright (c) 2000-2003 Cable & Wireless <http://www.cw.com/>
+##
+##  Permission to use, copy, modify, and distribute this software for
+##  any purpose with or without fee is hereby granted, provided that
+##  the above copyright notice and this permission notice appear in all
+##  copies.
+##
+##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+##  SUCH DAMAGE.
+##
+
+#   package information
+Name:         tcpwrappers
+Summary:      TCP Wrappers Toolkit
+URL:          http://www.web-insights.net/socket_wrappers/
+Vendor:       Wietse Venema, Steve Grubb
+Packager:     The OpenPKG Project
+Distribution: OpenPKG [EVAL]
+Group:        Network
+License:      BSD
+Version:      7.6k
+Release:      20031021
+
+#   list of sources
+Source0:      http://www.web-insights.net/socket_wrappers/socket_wrappers-%{version}.tar.gz
+Source1:      hosts.allow
+Patch0:       tcpwrappers.patch
+
+#   build information
+Prefix:       %{l_prefix}
+BuildRoot:    %{l_buildroot}
+BuildPreReq:  OpenPKG, openpkg >= 20030103
+PreReq:       OpenPKG, openpkg >= 20030103
+AutoReq:      no
+AutoReqProv:  no
+
+%description
+    The TCP Wrappers package allows you to monitor and filter incoming
+    requests for various network services. It provides tiny daemon
+    wrapper programs that can be installed without any changes to
+    existing software or to existing configuration files. The wrappers
+    report the name of the client host and of the requested service.
+    The wrappers do not exchange information with the client or server
+    applications, and impose no overhead on the actual conversation
+    between the client and server applications.
+
+    Additionally, the wrapper functionality is available as a C API
+    for use in other networking applications, too.
+
+    This package actually is based on Steve Grubb's revised version
+    (Socket Wrappers) of Wietse Venema's original TCP Wrappers.
+
+%prep
+    %setup -q -n socket_wrappers-%{version}
+    %patch -p0
+    chmod a+w Makefile.orig
+    %{l_shtool} subst \
+        -e 's;/etc/hosts\.deny;%{l_prefix}/etc/tcpwrappers/hosts.deny;g' \
+        -e 's;/etc/hosts\.allow;%{l_prefix}/etc/tcpwrappers/hosts.allow;g' \
+        Makefile
+
+%build
+    case "%{l_platform -t}" in
+        *-freebsd* ) platform="freebsd" ;;
+        *-linux*   ) platform="linux"   ;;
+        *-sunos*   ) platform="sunos5"  ;;
+        *          ) platform="other"   ;;
+    esac
+    %{l_make} %{l_mflags} \
+        $platform \
+        CC="%{l_cc} %{l_cflags -O}"
+
+%install
+    rm -rf $RPM_BUILD_ROOT
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/tcpwrappers \
+        $RPM_BUILD_ROOT%{l_prefix}/sbin \
+        $RPM_BUILD_ROOT%{l_prefix}/lib \
+        $RPM_BUILD_ROOT%{l_prefix}/include \
+        $RPM_BUILD_ROOT%{l_prefix}/man/man3 \
+        $RPM_BUILD_ROOT%{l_prefix}/man/man5 \
+        $RPM_BUILD_ROOT%{l_prefix}/man/man8
+    %{l_shtool} install -c -s -m 755 \
+        tcpd tcpdchk tcpdmatch try-from safe_finger \
+        $RPM_BUILD_ROOT%{l_prefix}/sbin/
+    %{l_shtool} install -c -m 644 \
+        tcpd.h $RPM_BUILD_ROOT%{l_prefix}/include/
+    %{l_shtool} install -c -m 644 \
+        libwrap.a $RPM_BUILD_ROOT%{l_prefix}/lib/
+    %{l_shtool} install -c -m 644 \
+        *.3 $RPM_BUILD_ROOT%{l_prefix}/man/man3/
+    %{l_shtool} install -c -m 644 \
+        *.5 $RPM_BUILD_ROOT%{l_prefix}/man/man5/
+    %{l_shtool} install -c -m 644 \
+        *.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
+    %{l_shtool} install -c -m 644 \
+        %{SOURCE hosts.allow} \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/tcpwrappers/
+    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+        %{l_files_std} \
+        '%config %{l_prefix}/etc/tcpwrappers/*'
+
+%files -f files
+
+%clean
+    rm -rf $RPM_BUILD_ROOT
+
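Review bot: `Source0` is fetched over plain `http://`, and nothing visible in the spec records an expected digest or signature for `socket_wrappers-%{version}.tar.gz`, so a build cannot distinguish a modified tarball from the one that was reviewed. If the OpenPKG tooling verifies sources elsewhere, a comment beside `Source0` saying where would be enough; otherwise record the digest next to it, e.g. `#   sha256: <digest-of-reviewed-tarball>`. Separately, `%prep` rewrites `/etc/hosts\.deny` to a path under `%{l_prefix}/etc/tcpwrappers/` although the packaged hosts.allow calls hosts.deny deprecated and `%install` does not create that file; a one-line comment stating whether a hosts.deny placed there is still consulted would avoid surprises.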