tcpdchk(1Mtcp)

tcpdchk -- check tcp wrapper configuration

Synopsis

tcpdchk [-a] [-d] [-i inet_conf] [-v]

Description

tcpdchk examines your tcp wrapper configuration and reports all potential and real problems it can find. The program examines the tcpd access control files (by default, these are /etc/inet/hosts.allow and /etc/inet/hosts.deny), and compares the entries in these files against entries in the inetd network configuration file.

Among the problems that tcpdchk reports are non-existent pathnames; services that appear in tcpd access control rules, but are not controlled by tcpd; services that should not be wrapped; non-existent host names or non-internet address forms; occurrences of host aliases instead of official host names; hosts with a name/address conflict; inappropriate use of wildcard patterns; inappropriate use of NIS netgroups or references to non-existent NIS netgroups; references to non-existent options; and invalid arguments to options.

Where possible, tcpdchk provides a helpful suggestion to fix the problem.

Options

tcpdchk understands the following options:

-a: Report access control rules that permit access without an explicit ALLOW keyword.
-d: Examine hosts.allow and hosts.deny files in the current directory instead of the default ones.
-i inet_conf: Specify this option if tcpdchk is unable to find your inetd.conf network configuration file, or when you suspect that the program uses the wrong one.
-v: Display the contents of each access control rule. Daemon lists, client lists, shell commands and options are shown in a pretty-printed format. This makes it easier for you to spot any discrepancies between what you want and what the program understands.

Files

/etc/inet/hosts.allow
/etc/inet/hosts.deny

References

tcpdmatch(1Mtcp), hosts_access(4tcp), inetd.conf(4tcp)

Notices

Author

Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands