Re: [suse-security] tcp wrappers and banners
Hello Niki,
Hi All, I am trying to figure out the differences with the tcpd package that is a security wrapper for TCP daemons and other tcp wrapper packages. Normally, I have seen a Banners.Makefile loaded with some packages, for example, tcp_wrappers-7.6 installs it as /usr/share/doc/tcp_wrappers-7.6/Banners.Makefile. But tcpd does not include this file in the rpm package. Yet both packages have the same README file which mentions the use of Banners.Makefile. Can I assume the tcpd package could utilize a similar Banners.Makefile format as that used in tcp_wrappers-7.6? ie. Could I copy the Banners.Makefile from the tcp_wrappers package into the tcpd directory?
This Makefile has only one purpose: It reformats the banner messages that you can feed to a declined client to a protocol format that the client can read. In particular, the ftp protocol needs the string "220-" at the beginning of each line if the text following this prefix is supposed to be shown to the user. Most other protocols do not need this special treatment or their implementations do not show any input from the network socket at all. in.rlogind wants to have a (one-byte) NULL character before the text that explains why the connection has been declined. in.rshd (the non-interactive equivalent) does not show any input at all. We guess that secure shell obsoletes rlogind (as well as rshd in most cases) so that the only win from the Banners.Makefile is the knowledge of the "220-" feature in the ftp control connection protocol. Of course, the same Makefile would work. It's just not included because the usefulness is limited.
Thanks,
Niki A. Rahimi narahimi@us.ibm.com
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (1)
-
Roman Drahtmueller