From owner-FreeBSD-users-jp@jp.freebsd.org  Sat May 22 14:40:26 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id OAA06127;
	Sat, 22 May 1999 14:40:26 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from onion.ish.org (root@onion.ish.org [210.145.219.202])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id OAA06122
	for <FreeBSD-users-jp@jp.freebsd.org>; Sat, 22 May 1999 14:40:24 +0900 (JST)
	(envelope-from ishizuka@ish.org)
Received: from localhost (ishizuka@localhost [127.0.0.1])
	by onion.ish.org (8.9.3/3.7Wpl1-08/27/98) with ESMTP id OAA80105
	for <FreeBSD-users-jp@jp.freebsd.org>; Sat, 22 May 1999 14:40:17 +0900 (JST)
To: FreeBSD-users-jp@jp.freebsd.org
X-Mailer: Mew version 1.94b28 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
X-PGP-Fingerprint20: 276D 697A C2CB 1580 C683  8F18 DA98 1A4A 50D2 C4CB
X-PGP-Fingerprint16: C6 DE 46 24 D7 9F 22 EB  79 E2 90 AB 1B 9A 35 2E
X-PGP-Public-Key: http://www.ish.org/pgp-public-key.txt
X-URL: http://www.ish.org/
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19990522144017L.ishizuka@onion.ish.org>
Date: Sat, 22 May 1999 14:40:17 +0900
From: Masachika ISHIZUKA <ishizuka@ish.org>
X-Dispatcher: imput version 990425(IM115)
Lines: 41
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990430
X-Sequence: FreeBSD-users-jp 42533
Subject: [FreeBSD-users-jp 42533] tcp_wrappers on 3.2R
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ishizuka@ish.org

  $B@PDM!w?yJB$G$9!#(B

  FreeBSD 3.2R $B$+$i(B TCP Wrappers $B$,(B base system $B$K:N$jF~$l(B
$B$i$l!"(Binetd, page mapper, sendmail $B$,(B libwrap $B$r%j%s%/$7$F(B
$B$$$k$H=q$+$l$F$$$^$9$,!":#$^$G(B tcpd $B$r;H$C$F$$$?$N$G$$$^$$(B
$B$AH=$C$F$$$^$;$s!#(B
  $B$=$3$G(B2$BE@<ALd$,$"$k$N$G$9$,!"$I$J$?$+$4B8$8$"$j$^$;$s$+!#(B

(1) identd
  /etc/inetd.conf $B$rJT=8$7$F(B

ident  stream  tcp  wait  kmem:kmem  /usr/local/sbin/identd  identd -w -t120

$B$r3h$+$7$?8e!"(B/etc/hosts.allow $B$G(B

ALL : localhost onion.ish.org : allow
sshd, ftpd: .ish.org : allow
ALL : PARANOID : RFC931 20 : deny
sendmail : ALL : allow
ALL : ALL \
     : severity auth.info \
     : spawn ( /bin/echo "tcpd\: %u@%h[%a] tried to use %d  (denied)" | \
       /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d  (denied)" root) & \
     : twist /bin/echo "You are not welcome to use %d from %h."

$B$N$h$&$K@_Dj$7$F$$$k$N$G$9$,!"$3$N@_Dj$G$O30It$+$i$N(B ident
$BMW5a$,:G8e$N(B spawn $B$N@_Dj$K%^%C%A$7$F$7$^$$$=$&$J5$$,$9$k(B
$B$N$G$9$,!"$A$c$s$HF0:n$7$F$7$^$$$^$9!#(Bident $B$@$1$O2?$+FCJL(B
$B07$$$5$l$k$N$G$7$g$&$+!#(B
  telnet $BEy$O$A$c$s$H:G8e$N(B spawn $B$J@_Dj$,F/$-$^$9!#!J$G$b(B
%d $B$,@5>o$KE83+$5$l$J$/$F(B ___ $B$K$J$C$A$c$&$N$,Ha$7$$!#D>@\(B
libwrap $B$r(B link $B$7$F$$$k(B sshd $BEy$G$O$A$c$s$HI=<($5$l$^$9!#(B
tcpd $B$8$c$J$$$N$K(B tcpd $B$N$^$^$J$N$O<jH4$-$G$9!#!K(B

(2) sendmail
  libwrap $B$r%j%s%/$7$F(B hosts_access $B$N8z2L$,5Z$V$H!"2?$+4r(B
$B$7$$@_Dj$,$G$-$k$N$G$7$g$&$+!)(B $B>e5-$NNc$G$O(B PARANOID $B%A%'%C(B
$B%/$K0z$C3]$+$C$?$b$N$O(B reject $B$G$-$k$N$GA4A38z2L$,$J$$Lu$G(B
$B$O$"$j$^$;$s$,!"Aw$j@h%[%9%H$r8BDj$7$h$&$H$9$k$H!"(BMX $B$G%P%C(B
$B%/%"%C%W$K=q$+$;$F$b$i$C$F$$$kA4$F$N%a!<%k%[%9%H$N@_Dj$rJQ(B
$B$($J$$$HBLL\$J$N$G$"$^$jM-8z$J3hMQJ}K!$,;W$$Ev$?$j$^$;$s!#(B
