1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
.TH HOSTS_OPTIONS 5
.SH NAME
hosts_options \- ۥȥȥγĥ
.SH DESCRIPTION
ʸϡhosts_access(5) ʸˡΥץʥʳĥ
ĤƲ⤹ΤǤ롣γĥϡץѥ뤷
ݤѤβݤޤ롣㤨СMakefile Խѥ
PROCESS_OPTIONS ͭˤǤ롣
.PP
ĥϤΤ褦ʷǤ:
.sp
.ti +3
daemon_list : client_list : option : option ...
.PP
ǽΤդĤΥեɤˤĤƤϡhosts_access(5) Υޥ˥奢
Dz⤵Ƥ롣롼λĤʬϡ0 İʾΥץ
Ǥ롣ץǤϡ٤Ƥ ":" ȤʸϥХå
ˤäݸɬפ롣
.PP
ץ "keyword" ޤ "keyword value" ηȤ롣
ϵҤ줿˲ᤵ롣ĤΥץ
%<letter> ˤ֤ꤷƤ롣ΥСȤθߴ
Τˡ"=" keyword value() δ֤ˤƤ
롣
.SH LOGGING (εϿ)
.IP "severity mail.info"
.IP "severity notice"
٥Ȥ˵Ͽ severity("㤷") Υ٥ѹ롣
Facility names (ؤιܡȤ mail) ǤդǤꡢ
Ť syslog μǤϥݡȤƤʤseverity ץ
ϡؼ줿٥ȤĴ뤫뤤̵뤹뤿ͭդ
롣
.SH ACCESS CONTROL (β)
.IP "allow"
.IP "deny"
ӥβݡΥץϡ롼κǸ˵Ҥʤ
Фʤʤ
.PP
\fIallow\fR \fIdeny\fR ϡ٤ƤΥȥΥ롼
ҤȤĤΥե롢Ȥ\fIhosts.allow\fR Ǽ
ǽˤƤ롣
.sp
줿ۥȤ˥Ĥˤ:
.sp
.ne 2
.ti +3
ALL: .friendly.domain: ALLOW
.ti +3
ALL: ALL: DENY
.sp
ȥ֥ᥤȤʤ롢ĤΥۥȤơ٤ƤΥۥ
ΥĤˤ:
.sp
.ne 2
.ti +3
ALL: .bad.domain: DENY
.ti +3
ALL: ALL: ALLOW
.sp
ɥᥤ̾ΥѥκǽˤϥɥåȤĤƤܤ줿
.SH RUNNING OTHER COMMANDS (ޥɤμ¹)
.IP "spawn shell_command"
hosts_access(5) Υޥ˥奢Dz⤵ %<letter> ֤
¹Ԥ줿ΤˡҥץǡΥ륳ޥɤ¹Ԥ롣
ޥɤɸϡɸϡɸ२顼Ϥ null ǥХ
˷Ҥ֤Ǽ¹Ԥ롣äơˤäƥ饤
ۥȤȤβä𤹤褦ʤȤϤʤ㤨:
.sp
.nf
.ti +3
spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) &
.fi
.sp
ϡ%h ⡼ȥۥȤ̾ޤϥɥ쥹֤Τ
ˡХå饦ɤλҥץǡ륳ޥ
"safe_finger -l @%h | mail root" ¹Ԥ롣
.sp
Ǥϡ(⡼Ȥ) finger СƤǡ
äơ⤿餵ǽޤ뤿ᡢɸ
"finger" ޥɤä "safe_finger" ޥɤѤƤ롣
"safe_finger" ޥɤϡdaemon wrapper package ˴ޤޤ
롣ϡɸ finger ϪʧȤơ⡼ȥۥȤ
ǡե륿롣
.IP "twist shell_command"
hosts_access(5) Υޥ˥奢Dz⤵ %<letter> ֤
¹Ԥ줿ΤˡߤΥץᤵ줿륳ޥɤ
롣ɸϡɸϤɸ२顼Ϥϡ饤
Υץ³롣Υץϥ롼κǸ˵Ҥɬ
פ롣
.sp
ºݤ ftp ǡäơåѹƥ饤
֤ˤ:
.sp
.nf
.ti +3
in.ftpd : ... : twist /bin/echo 421 Some bounce message
.fi
.sp
饤ȥץȲä̤ˡȤơҤ
\fIbanners\fR ץȤ줿
.sp
/some/other/in.telnetd ޥɥ饤ΰץδĶ
ѿˤäƱ뤳Ȥʤ¹Ԥˤ:
.sp
.nf
.ti +3
in.telnetd : ... : twist PATH=/some/other; exec in.telnetd
.fi
.sp
ٹ: UDP ӥˤƤϡstandard I/O ѡޤϥ饤
ȥץȤθΤ read(2)/write(2) 롼ȡ
command Ʊʤ褦; UCP ϡޤ̤δŪ I/O ɬ
Ȥ롣
.SH NETWORK OPTIONS (ͥåȥ˴ؤ륪ץ)
.IP "keepalive"
Ū˥Сϥ饤Ȥ˥å褦ˤʤ롣⤷
饤Ȥαʤ硢³Ǥ줿Τȸʤ
롣 keepalive ץϡ桼С˷ѤäƤ
֤ˡޥŸڤäͭѤǤ롣keepalive ץ
datagram (UDP) services ˤΩʤ
.IP "linger number_of_seconds"
СΥץ³ǤΤͥ뤬̤ǡ
ߤ֤ؼ롣
.SH USERNAME LOOKUP (桼̾䤤碌)
.IP "rfc931 [ timeout_in_seconds ]"
RFC 931 (TAP, IDENT, RFC 1413) ˤǡ饤ȥ桼
̾䤤碌롣ӥ TCP ʳžˡ˴ŤƤ
ϡΥץۤä̵뤵롣ˡϥ饤
ȤΥƥब RFC 931 ȸߴΤǡ (IDENT ʤ)
餻Ƥ뤳Ȥǡnon-UNIX Υ饤Ȥ³Ф
Ƥϡ٤ʤtimeout ޤǤÿǤդǤ롣
timeout ؼʤ硢ѥ˷줿ͤȤ
롣
.SH MISCELLANEOUS (¾λ)
.IP "banners /some/directory"
`/some/directory' ǡǡץ̾Ȱפե
(ȤСtelnet ӥʤ in.tenletd)õƤ
饤ȤФƥԡ롣ʸϡCR(carriage-return)
ʸ֤졢%<letter> Ÿ (hosts_access(5)
Υޥ˥奢)
.sp
tcp wrapper ۥˤϡݤ褯 banner ݼ餹뤿Ρ
ץ makefile (Banners.Makefile) ޤޤƤ롣
.sp
ٹ: banners connection-oriented (TCP) network (ͥ
˻ظι⤤ӥ)ǤΤѤǤ롣
.IP "nice [ number ]"
ץ nice ͤѹ(ͤ 10)¾Υץˡ
¿ CPU Ƥˤϡͤؼ롣
.IP "setenv name value"
(name, value) ΥڥץδĶѿꤹ롣value
%<letter> ؤŸΤȲꤵ졢ۥ磻ȥڡѤ
ɬפ(ζڤΤƤ)
.sp
ٹ: ¿Υͥåȥǡ login ޤ shell ץ
ƵưˡδĶѿꥻåȤ롣
.IP "umask 022"
Υӥȥޥ umask Ȼǽ022 umask ϡ
group world ˤ߶ػ֤ˤäơեκ
ͽɤ롣umask ΰ 8 ʿǤʤФʤʤ
.IP "user nobody"
.IP "user nobody.kmem"
桼 "nobody" (ޤϥ桼 "nobody", 롼 "kmem")ϡ
̤ʰȤߤʤǽηϡroot ¤ƤΥӥ
Ԥ褦 inetdμͭѤǤ롣ܤηϡ롼פ
¤ΤߤɬפʥӥΤͭѤǤ롣
.SH DIAGNOSTICS
ȥ롼ʸˡ顼ȯ줿硢顼
syslog ǡ𤵤롣;פʥץ̵뤵졢
ϵݤ롣
.SH SEE ALSO
hosts_access(5), Ūʥȥ
.SH AUTHOR
.na
.nf
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
.SH
.na
.nf
FUKUSHIMA Osamu/ʡ <fuku@amorph.rim.or.jp>
\" @(#) hosts_options.5 1.10 94/12/28 17:42:28
|
