Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

tcpdmatch

The tcpdmatch utility lets you test specific requests against your access control files and predicts how tcpd would handle them. With the -d option, tcpdmatch reads the hosts.allow and hosts.deny files in the current directory instead of the default ones. With -i /path/to/inetd.conf, you can point tcpdmatch at your inetd configuration file when it has trouble finding it.

tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client

The program examines the tcpd access control tables (default /etc/inet/hosts.allow and /etc/inet/hosts.deny) and prints its conclusion. For maximum accuracy, it extracts additional information from your inetd network configuration file.

When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell commands or options in a pretty-printed format. This makes it easier for you to spot any discrepancies between what you want and what the program understands.

The following two arguments are always required:
daemon[@server]
A daemon process name. Typically, the last component of a daemon executable pathname.

The optionally specified server may be a host name or network address, or one of the unknown or paranoid wildcard patterns. The default server name is unknown.

[user@]client
A host name or network address, or one of the unknown or paranoid wildcard patterns.

The optionally specified user is a client user identifier, typically, a login name or a numeric userid. The default user name is unknown.

When a client host name is specified, tcpdmatch gives a prediction for each address listed for that client.

When a client address is specified, tcpdmatch predicts what tcpd would do when client name lookup fails.

Options

tcpdmatch understands the following options:
-d
Examine hosts.allow and hosts.deny files in the current directory instead of the default ones.
-i inet_conf
Specify this option when tcpdmatch is unable to find your inetd network configuration file, or when you suspect that the program uses the wrong one.

References

hosts_access(4tcp), inetd.conf(4tcp), tcpdchk(1Mtcp)

Author

Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands

 

Examples

To predict how tcpd would handle a telnet request from the local system:

tcpdmatch in.telnetd localhost

The same request, pretending that hostname lookup failed:

tcpdmatch in.telnetd 127.0.0.1

To predict what tcpd would do when the client name does not match the client address:

tcpdmatch in.telnetd paranoid
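
The commands above test one client at a time. As an added example (not part of the original page or of the TCP Wrappers distribution), the script below runs tcpdmatch -d against staged copies of hosts.allow and hosts.deny and compares each prediction with the outcome you expect. The sample rules, the addresses and the TCPDMATCH variable are constructed for illustration, and the script assumes the "access:" line that tcpdmatch prints for each client address.

```shell
#!/bin/sh
# Added example: check staged hosts.allow/hosts.deny with "tcpdmatch -d".
TCPDMATCH=${TCPDMATCH:-tcpdmatch}   # hypothetical override for the binary path

# verdict DIR DAEMON CLIENT
# Runs tcpdmatch inside DIR so -d picks up DIR/hosts.allow and DIR/hosts.deny,
# then reduces its "access:" lines (one per client address) to a single word.
verdict() {
    ( cd "$1" && "$TCPDMATCH" -d "$2" "$3" </dev/null ) 2>/dev/null | awk '
        $1 == "access:" && !($2 in seen) { seen[$2] = 1; n++; last = $2 }
        END {
            if (n == 0) print "error"       # no prediction was produced
            else if (n == 1) print last     # every address got this result
            else print "mixed"              # client addresses disagree
        }'
}

# check_policy DIR
# Reads "daemon client expected" lines on stdin, reports every mismatch on
# stderr and returns non-zero if at least one prediction differs.
check_policy() {
    dir=$1 fail=0
    while read -r daemon client want; do
        case $daemon in ''|'#'*) continue ;; esac   # skip blanks and comments
        got=$(verdict "$dir" "$daemon" "$client")
        [ "$got" = "$want" ] && continue
        echo "MISMATCH $daemon $client: want $want, got $got" >&2
        fail=1
    done
    return $fail
}

# Constructed sample policy and expectations; runs only where tcpdmatch exists.
if command -v "$TCPDMATCH" >/dev/null 2>&1; then
    stage=$(mktemp -d)
    printf 'in.telnetd: 127.0.0.1\n' > "$stage/hosts.allow"
    printf 'ALL: ALL\n'              > "$stage/hosts.deny"
    if check_policy "$stage" <<'EOF'
# daemon     client       expected
in.telnetd   127.0.0.1    granted
in.telnetd   192.0.2.10   denied
in.ftpd      127.0.0.1    denied
EOF
    then echo "policy matches expectations"
    else echo "policy differs from expectations"
    fi
    rm -rf "$stage"
fi
```

A result of "mixed" means the client name resolved to several addresses that tcpd would treat differently, which is worth investigating before the staged files replace the live ones.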

Recommended Links

tcpdmatch command availability

tcpdmatch(1Mtcp)

Authen-Tcpdmatch - search.cpan.org: Authen::Tcpdmatch, Perl extension for parsing hosts.allow and hosts.deny.



Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Last modified: August 11, 2009