tcpdmatch(1Mtcp)


tcpdmatch -- predict how tcp wrappers will behave

Synopsis

tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@client]

Description

tcpdmatch predicts how the tcp wrapper would handle a specific request for service.

The program examines the tcpd access control tables (default /etc/inet/hosts.allow and /etc/inet/hosts.deny) and prints its conclusion. For maximum accuracy, it extracts additional information from your inetd network configuration file.

When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell commands or options in a pretty-printed format. This makes it easier for you to spot any discrepancies between what you want and what the program understands.

Arguments

The following two arguments are always required:

daemon[@server]
A daemon process name. Typically, the last component of a daemon executable pathname.

The optionally specified server may be a host name or network address, or one of the unknown or paranoid wildcard patterns. The default server name is `unknown'.


[user@]client
A host name or network address, or one of the unknown or paranoid wildcard patterns.

The optionally specified user is a client user identifier, typically, a login name or a numeric userid. The default user name is unknown.

When a client host name is specified, tcpdmatch gives a prediction for each address listed for that client.

When a client address is specified, tcpdmatch predicts what tcpd would do when client name lookup fails.

Options

tcpdmatch understands the following options:

-d
Examine hosts.allow and hosts.deny files in the current directory instead of the default ones.

-i inet_conf
Specify this option when tcpdmatch is unable to find your inetd network configuration file, or when you suspect that the program uses the wrong one.

Files

/etc/inet/hosts.allow
/etc/inet/hosts.deny

References

hosts_access(4tcp), inetd.conf(4tcp), tcpdchk(1Mtcp)

Notices

Author

Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands

Examples

To predict how tcpd would handle a telnet request from the local system:

tcpdmatch in.telnetd localhost

The same request, pretending that hostname lookup failed:

tcpdmatch in.telnetd 127.0.0.1

To predict what tcpd would do when the client name does not match the client address:

tcpdmatch in.telnetd paranoid


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004