author | Carsten Schlote <c.schlote@konzeptpark.de> | 2010-02-18 11:22:56 +0100 |
---|---|---|
committer | Marc Kleine-Budde <mkl@pengutronix.de> | 2010-02-21 14:22:42 +0100 |
commit | 102b53bdf6da29356b8a761ed0a3c4e489b42b8c (patch) | |
tree | a021ac8447af76359ce86678c948687f7c3dac46 | |
parent | 4b8afe029cfa0b2befcaf649100ccc2f8135db79 (diff) | |
[tcpwrapper] add configurations for tcpd
- Added alternative configurations for tcpd and default
generic files for ptxdist
Signed-off-by: Carsten Schlote <c.schlote@konzeptpark.de>
[mkl: removed "default y" from tcpd]
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
-rw-r--r-- | generic/etc/hosts.allow | 12 | ||||
-rw-r--r-- | generic/etc/hosts.deny | 19 | ||||
-rw-r--r-- | rules/tcpwrapper.in | 15 | ||||
-rw-r--r-- | rules/tcpwrapper.make | 7 |
4 files changed, 50 insertions, 3 deletions
diff --git a/generic/etc/hosts.allow b/generic/etc/hosts.allow
new file mode 100644
index 000000000..c5d281f60
--- /dev/null
+++ b/generic/etc/hosts.allow
@@ -0,0 +1,12 @@
+# /etc/hosts.allow: list of hosts that are allowed to access the system.
+# See the manual pages hosts_access(5) and hosts_options(5).
+#
+# Example: ALL: LOCAL @some_netgroup
+# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
+#
+# If you're going to protect the portmapper use the name "portmap" for the
+# daemon name. Remember that you can only use the keyword "ALL" and IP
+# addresses (NOT host or domain names) for the portmapper, as well as for
+# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
+# for further information.
+#
diff --git a/generic/etc/hosts.deny b/generic/etc/hosts.deny
new file mode 100644
index 000000000..7d19ad10b
--- /dev/null
+++ b/generic/etc/hosts.deny
@@ -0,0 +1,19 @@
+# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
+# See the manual pages hosts_access(5) and hosts_options(5).
+#
+# Example: ALL: some.host.name, .some.domain
+# ALL EXCEPT in.fingerd: other.host.name, .other.domain
+#
+# If you're going to protect the portmapper use the name "portmap" for the
+# daemon name. Remember that you can only use the keyword "ALL" and IP
+# addresses (NOT host or domain names) for the portmapper, as well as for
+# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
+# for further information.
+#
+# The PARANOID wildcard matches any host whose name does not match its
+# address.
+
+# You may wish to enable this to ensure any programs that don't
+# validate looked up hostnames still leave understandable logs. In past
+# versions of Debian this has been the default.
+# ALL: PARANOID
diff --git a/rules/tcpwrapper.in b/rules/tcpwrapper.in
index 82e3c8c06..e548ee543 100644
--- a/rules/tcpwrapper.in
+++ b/rules/tcpwrapper.in
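Review bot: generic/etc/hosts.deny ships without a single active rule (its only candidate, `# ALL: PARANOID`, is commented out), and generic/etc/hosts.allow is comments only as well. Per hosts_access(5), a client that matches no entry in either file is granted access, so a target built with these defaults is exactly as open as one with no files installed. Someone enabling the option may read the presence of /etc/hosts.deny as protection, so I would say so in the file header, e.g. `# NOTE: no rule is active below; until one is added, access is granted to all hosts.` The same sentence belongs in the help text of TCPWRAPPER_INSTALL_HOSTS_ACCESS_CONFIGS in rules/tcpwrapper.in.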
@@ -1,5 +1,6 @@ ## SECTION=networking -menuconfig TCPWRAPPER + +menuconfig TCPWRAPPER tristate prompt "tcpwrapper " help @@ -14,12 +15,22 @@ menuconfig TCPWRAPPER client or server applications, and impose no overhead on the actual conversation between the client and server applications. +if TCPWRAPPER + config TCPWRAPPER_INSTALL_TCPD bool prompt "Install /usr/sbin/tcpd" - depends on TCPWRAPPER help The tcpd program can be set up to monitor incoming requests for telnet, finger, ftp, exec, rsh, rlogin, tftp, talk, comsat and other services that have a one-to-one mapping onto executable files. +config TCPWRAPPER_INSTALL_HOSTS_ACCESS_CONFIGS + bool + select TCPWRAPPER_INSTALL_TCPD + prompt "Install /etc/hosts.{allow|deny}" + help + Install the hosts.allow and hosts.deny configs from either + projectroot or from ptxdist/generics. + +endif diff --git a/rules/tcpwrapper.make b/rules/tcpwrapper.make index 417953360..3e9d9427d 100644 --- a/rules/tcpwrapper.make +++ b/rules/tcpwrapper.make @@ -23,7 +23,6 @@ TCPWRAPPER_URL := ftp://ftp.porcupine.org/pub/security/$(TCPWRAPPER).tar.gz TCPWRAPPER_SOURCE := $(SRCDIR)/$(TCPWRAPPER).tar.gz TCPWRAPPER_DIR := $(BUILDDIR)/$(TCPWRAPPER) - # ---------------------------------------------------------------------------- # Get # ---------------------------------------------------------------------------- @@ -71,6 +70,12 @@ $(STATEDIR)/tcpwrapper.targetinstall: ifdef PTXCONF_TCPWRAPPER_INSTALL_TCPD @$(call install_copy, tcpwrapper, 0, 0, 0755, $(TCPWRAPPER_DIR)/tcpd, /usr/sbin/tcpd) endif + +ifdef PTXCONF_TCPWRAPPER_INSTALL_HOSTS_ACCESS_CONFIGS + @$(call install_alternative, tcpwrapper, 0, 0, 0644, /etc/hosts.allow) + @$(call install_alternative, tcpwrapper, 0, 0, 0644, /etc/hosts.deny) +endif + @$(call install_finish, tcpwrapper) @$(call touch) |
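Review bot: `select TCPWRAPPER_INSTALL_TCPD` in the new TCPWRAPPER_INSTALL_HOSTS_ACCESS_CONFIGS entry of rules/tcpwrapper.in forces /usr/sbin/tcpd onto every target that only wants the two config files, and the help text gives no reason for the coupling. hosts.allow and hosts.deny are also read by daemons linked against libwrap, so, if this package installs the library (not visible in this hunk), a target running only such daemons ends up with an extra root-owned 0755 binary it never uses. I would drop the `select TCPWRAPPER_INSTALL_TCPD` line, or keep it and state in the help text why tcpd is required. The enclosing `menuconfig TCPWRAPPER` entry begins outside the hunk.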