Table 26 Network Services Wrapped by Internet Express (continued)
Network Service | Default Access Setting |
pop2 | Allows you to run the POP2 (Post Office Protocol Version 2) |
poppassd | Allows you to change passwords |
popper | Allows you to run the POP3 (Post Office Protocol Version 3) |
rexecd | Allows you to execute commands on a remote system |
rlogind | Allows you to log in to a remote system |
rpc.rwalld | Allows you to broadcast a message to all users logged in to a remote system |
rpc.rstatd | Allows you to gather statistics on a remote host's operating system |
rpc.rquotad | Returns quotas for a user of a local file system that is mounted by a remote system |
| over Network File System (NFS) |
rpc.rusersd | Displays a list of users on a remote system |
rpc.sprayd | Records the packets sent in a |
| number of packets received on the remote system and the transfer rate |
rshd | Runs a shell on a remote system |
sendmail | Allows mail to be delivered between the local and remote systems |
telnetd | Allows you to communicate with a remote system by means of a virtual terminal |
tftpd | Supports the Trivial File Transfer Protocol (tftp), which transfers files to and from |
| a remote system |
|
|
You can use TCP Wrapper to control access to network services other than those wrapped by Internet Express, and include these additional services in the list displayed on the Display/Update Configuration form, as follows:
1.Make sure an entry for the service exists in the /etc/inetd.conf file. The entry must not include the TCP Wrapper (/usr/sbin/tcpd).
2.Add an entry for the service in the /usr/internet/security/config.tcp file to provide a name and description to use on the Display/Update Configuration form. The following example shows the entry for the fingerd service:
The user information server for networks :fingerd
3.Edit the /usr/internet/security/hosts.allow file to specify the access setting for the service. The following example is the entry in the /usr/internet/security/ hosts.allow file for the fingerd service:
fingerd:ALL:ALLOW
4.Run the /usr/internet/security/install.sh script to add TCP Wrapper to the service's entry in the /etc/inetd.conf file, and to copy the modified /usr/internet/ security/hosts.allow file to /etc/hosts.allow.
You can use the /usr/internet/security/deinstall.sh script to remove the TCP wrapper from all services in the inetd.conf file.
Modifying Access to a Wrapped Network ServiceTo modify the access setting for a network service, follow these steps:
1.From the Internet Express Main menu, choose Manage Components.
2.From the Manage Components Menu, under Network Security, choose TCP Wrapper.
168 Network Security Administration