Date: Fri, 30 Aug 1996 00:02:30 +0800 (CST)
From: Jian-Da Li <jdli@FreeBSD.csie.NCTU.edu.tw>
To: freebsd-security@freebsd.org
Subject: user_wrapper available for testing !!
Message-ID: <199608291602.AAA27169@FreeBSD.csie.NCTU.edu.tw>
Hi :
The user_wrapper is a user-based access control which allows each
user to have personal tcp_wrapper-like access control.
You can get it from :
ftp://freebsd.csie.nctu.edu.tw/pub/jdli/collect/user_wrapper.tgz
====== From README ========
* Related files: (mode should be set to 0600)
~/.hosts.allow : allow rules
~/.hosts.deny : deny rules
~/.refused-log : refused log
* Keywords currently available:
1. login : controls telnetd/rlogind or anything that uses /usr/bin/login
2. ftpd
3. rshd
4. su : allow who can su to your account
* Access control syntax:
service: allow_lists #this_rule_only_applied_on_these_hosts
su: allow_user_lists #this_rule_only_applied_on_these_hosts
man hosts_access (from tcp_wrapper) for rule details.
* Example:
~/.hosts.allow
login: ALL #sun1,sun2 <= allow all, only if connecting to sun1,sun2
ftpd: LOCAL
rshd: .my.domain, 192.168.
su: user1,user2
~/.hosts.deny
su: FAIL
ALL:ALL
* You may add these into ~/.login :
if ( -f ~/.refused-log && ! -z ~/.refused-log) then
    /bin/cat ~/.refused-log
endif
* Making other daemons functional is easy, take a look at each patch.
These patches are against FreeBSD 2.2-current 8/29/1996, but they
should also apply to other versions of FreeBSD.
* Developed by Dept. of Computer Science and Information Engineering,
National Chiao-Tung University Taiwan, based on tcp_wrapper.
Port to FreeBSD by jdli@csie.nctu.edu.tw.
--
李 建 達 (Jian-Da Li) 交 大 資 工
E-Mail : <jdli@csie.nctu.edu.tw>
http://www.csie.nctu.edu.tw/~jdli
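
A checker for the per-user files the README describes, given as an added example that is not part of the original message or of user_wrapper itself. It verifies the 0600 mode and parses each `service: list #hosts` rule; the tokenizing (comma or space separated, everything after `#` read as the host scope) and the names `parse_rule` and `audit_home` are assumptions, not taken from the user_wrapper source.

```python
import os
import stat

# File names and the 0600 requirement come from the README above.
RULE_FILES = (".hosts.allow", ".hosts.deny")
ALL_FILES = RULE_FILES + (".refused-log",)
# README keywords, plus the ALL wildcard its example uses in ~/.hosts.deny.
SERVICES = {"login", "ftpd", "rshd", "su", "ALL"}


def _tokens(text):
    """Split a comma- or space-separated list into its items."""
    return text.replace(",", " ").split()


def parse_rule(line):
    """Return (service, clients, only_on_hosts) for one rule line, or None if blank.

    Assumption: everything after '#' lists the local hosts the rule applies on.
    """
    rule, _, scope = line.strip().partition("#")
    if not rule.strip():
        return None
    service, sep, clients = rule.partition(":")
    if not sep:
        raise ValueError("missing ':' in rule: %r" % line.strip())
    return service.strip(), _tokens(clients), _tokens(scope)


def audit_home(home):
    """Return a list of findings for the user_wrapper files under `home`."""
    findings = []
    for name in ALL_FILES:
        path = os.path.join(home, name)
        if not os.path.exists(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode != 0o600:
            findings.append("%s: mode %04o, expected 0600" % (name, mode))
        if name not in RULE_FILES:
            continue
        with open(path) as fh:
            for lineno, line in enumerate(fh, 1):
                try:
                    parsed = parse_rule(line)
                except ValueError as exc:
                    findings.append("%s:%d: %s" % (name, lineno, exc))
                    continue
                if parsed and parsed[0] not in SERVICES:
                    findings.append("%s:%d: unknown keyword %r" % (name, lineno, parsed[0]))
    return findings
```
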
