What is tcp_wrappers, and how do I use it?
UITS highly recommends
tcp_wrappers as a
security tool for all Indiana University Unix workstations
and servers. Many distributions include it by default; consult your
distribution's documentation. The University Information Security
Office (UISO) has instructions for downloading, installing, and
tcp_wrappers on its web site.
tcp_wrappers utility is usually configured to wrap
around TCP-based services defined in
inetd.conf. When a
remote host accesses a "wrapped" service, the connection has to first
go through the logging and access control mechanisms enforced by
tcp_wrappers before it is allowed to proceed.
If you must allow network access to your computer, you can use the
improved access logging facility provided by
even for services (such as
rlogin) that traditionally do
not have a very good logging mechanism. These logs are useful in
tracking unauthorized use.
You can use
tcp_wrappers for fine-grained control over
who can and cannot access your computer. You can enforce access
control differently for each wrapped service. For example, you can
limit telnet access to a specific domain (such as
indiana.edu) but allow world access for FTP
(with improved logging).
At Indiana University, for personal or departmental Linux or Unix systems support, see At IU, how do I get support for Linux or Unix?
Last modified on July 09, 2012.