Date: Fri, 30 Aug 1996 00:02:30 +0800 (CST) From: Jian-Da Li <jdli@FreeBSD.csie.NCTU.edu.tw> To: freebsd-security@freebsd.org Subject: user_wrapper available for testing !! Message-ID: <199608291602.AAA27169@FreeBSD.csie.NCTU.edu.tw>
next in thread | raw e-mail | index | archive | help
Hi : The user_wrapper is a user-based access control which allows each user to have personal tcp_wrapper-like access control. You can get it from : ftp://freebsd.csie.nctu.edu.tw/pub/jdli/collect/user_wrapper.tgz ====== From README ======== * Related files: (mode should set to 0600) ~/.hosts.allow : allow rules ~/.hosts.deny : deny rules ~/.refused-log : refused log * Keywords currently available: 1. login : control telnetd/rlogind or anything use /usr/bin/login 2. ftpd 3. rshd 4. su : allow who can su to your account * Access control syntax: service: allow_lists #this_rule_only_applied_on_these_hosts su: allow_user_lists #this_rule_only_applied_on_these_hosts man hosts_access (from tcp_wrapper) for rule details. * Example: ~/.hosts.allow login: ALL #sun1,sun2 <= allow all, only if connect to sun1,sun2 ftpd: LOCAL rshd: .my.domain, 192.168. su: user1,user2 ~/.hosts.deny su: FAIL ALL:ALL * You may add these into ~/.login : if ( -f ~/.refused-log && ! -z ~/.refused-log) then /bin/cat ~/.refused-log * Make other daemon functional is easy, take a look at each patch. These patches are against FreeBSD 2.2-current 8/29/1996, but it should also apply to other version of FreeBSD. * Developed by Dept. of Computer Science and Information Engineering, National Chiao-Tung University Taiwan, based on tcp_wrapper. Port to FreeBSD by jdli@csie.nctu.edu.tw. -- 李 建 達 (Jian-Da Li) 交 大 資 工 E-Mail : <jdli@csie.nctu.edu.tw> http://www.csie.nctu.edu.tw/~jdli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608291602.AAA27169>