ARCHIVED: What is tcp_wrappers, and how do I use it?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

UITS highly recommends tcp_wrappers as a security tool for all Indiana University Unix workstations and servers. Many distributions include it by default; consult your distribution's documentation. The University Information Security Office (UISO) has instructions for downloading, installing, and using tcp_wrappers on its website.

The tcp_wrappers utility is usually configured to wrap around TCP-based services defined in inetd.conf. When a remote host accesses a "wrapped" service, the connection has to first go through the logging and access control mechanisms enforced by tcp_wrappers before it is allowed to proceed.

If you must allow network access to your computer, you can use the improved access logging facility provided by tcp_wrappers even for services (such as rlogin) that traditionally do not have a very good logging mechanism. These logs are useful in tracking unauthorized use.

You can use tcp_wrappers for fine-grained control over who can and cannot access your computer. You can enforce access control differently for each wrapped service. For example, you can limit telnet access to a specific domain (such as indiana.edu) but allow world access for FTP (with improved logging).

At Indiana University, for personal or departmental Linux or Unix systems support, see Get help for Linux or Unix at IU.

This is document adop in the Knowledge Base.
Last modified on 2018-01-18 10:31:37.