48.12. TCP Wrappers

TCP Wrappers are programs that work with inetd to monitor and filter telnet, ftp, rlogin, and other services. In particular, TCP wrappers provide log information showing access using these services, which is particularly helpful if you're trying to determine whether someone is attempting to break into your system.

In FreeBSD, the TCP wrapper tcpd (documented at http://www.freebsddiary.org/tcpwrapper.php) is built into the system starting with the FreeBSD 3.2 release, and is configured through the /etc/syslog.conf file. The following lines from an existing file show that TCP logging is turned on for all remote access such as telnet, putting the log messages into a file called auth.log:

    auth.*       /var/log/auth.log
    mail.info    /var/log/maillog
    lpr.info     /var/log/lpd-errs

Since I have telnet, rlogin, etc. disabled from my system, nothing shows in the log file.

The TCP wrapper is also installed by default in Mac OS X. The tcpd daemon is installed in place of the service (such as in place of fingerd), or the entry for the service is adjusted to point to tcpd in /etc/inetd.conf:

    finger  stream  tcp  nowait  nobody  /some/where/tcpd  in.fingerd

By default, all unprotected external sources are wrapped with the TCP wrapper.

In some systems, the TCP wrapper is controlled by the /etc/hosts.allow and /etc/hosts.deny files instead of within syslog.conf. You'll want to check tcpd for your system by accessing the manpage for it:

    # man tcpd

The same configuration and TCP wrapper (Section 46.5), known as Wietse Venema's network logger, is used with Debian (downloadable at http://packages.debian.org/stable/base/tcpd.html) and Linux, as well as other operating systems.

Copyright © 2003 O'Reilly & Associates. All rights reserved.
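To check which services actually go through the wrapper, you can audit /etc/inetd.conf for entries whose server program is not tcpd. The script below is an added example, not code from the book; the function names and all sample entries other than the finger line are constructed for illustration.

```shell
#!/bin/sh
# Added example: list inetd.conf services that are NOT started through
# tcpd, and therefore bypass TCP wrapper logging and filtering.

# unwrapped_services FILE
# Prints "service<TAB>server-program" for each active entry whose server
# program (field 6) is not tcpd. Comments, blank lines and inetd's
# built-in "internal" services (no program to wrap) are skipped.
unwrapped_services() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # comment or blank line
        NF < 6 {                                 # too few fields to judge
            print "skipping malformed line: " $0 | "cat 1>&2"
            next
        }
        $6 == "internal" { next }
        {
            n = split($6, parts, "/")            # basename of server program
            if (parts[n] != "tcpd") printf "%s\t%s\n", $1, $6
        }
    ' "$1"
}

# Constructed sample inetd.conf. Only the finger line comes from the text;
# the other entries and their paths are made up for the demonstration.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample entries
finger  stream  tcp  nowait  nobody  /some/where/tcpd      in.fingerd
ftp     stream  tcp  nowait  root    /some/where/tcpd      in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
#shell  stream  tcp  nowait  root    /usr/libexec/rshd     rshd
daytime stream  tcp  nowait  root    internal
EOF
}

# Run the audit against the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    sample_inetd_conf > "$tmp"
    unwrapped_services "$tmp"
    rm -f "$tmp"
}
demo
```

On a real system, call `unwrapped_services /etc/inetd.conf`; any line it prints is a service that inetd starts directly rather than through tcpd.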