diff options
Diffstat (limited to '')
-rw-r--r-- | templates/man8/tcpd.8.pot | 405 |
1 files changed, 405 insertions, 0 deletions
diff --git a/templates/man8/tcpd.8.pot b/templates/man8/tcpd.8.pot new file mode 100644 index 00000000..bdec358c --- /dev/null +++ b/templates/man8/tcpd.8.pot @@ -0,0 +1,405 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2023-06-27 19:58+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: TH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "TCPD" +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "NAME" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "tcpd - access control facility for internet services" +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "DESCRIPTION" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The I<tcpd> program can be set up to monitor incoming requests for " +"I<telnet>, I<finger>, I<ftp>, I<exec>, I<rsh>, I<rlogin>, I<tftp>, I<talk>, " +"I<comsat> and other services that have a one-to-one mapping onto executable " +"files." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The program supports both 4.3BSD-style sockets and System V.4-style TLI. " +"Functionality may be limited when the protocol underneath TLI is not an " +"internet protocol." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"There are two possible modes of operation: execution of I<tcpd> before a " +"service started by I<inetd>, or linking a daemon with the I<libwrap> shared " +"library as documented in the I<hosts_access>(3) manual page. Operation when " +"started by I<inetd> is as follows: whenever a request for service arrives, " +"the I<inetd> daemon is tricked into running the I<tcpd> program instead of " +"the desired server. I<tcpd> logs the request and does some additional " +"checks. When all is well, I<tcpd> runs the appropriate server program and " +"goes away." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Optional features are: pattern-based access control, client username lookups " +"with the RFC 931 etc. protocol, protection against hosts that pretend to " +"have someone elses host name, and protection against hosts that pretend to " +"have someone elses network address." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "LOGGING" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Connections that are monitored by I<tcpd> are reported through the " +"I<syslog>(3) facility. Each record contains a time stamp, the client host " +"name and the name of the requested service. The information can be useful " +"to detect unwanted activities, especially when logfile information from " +"several hosts is merged." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"In order to find out where your logs are going, examine the syslog " +"configuration file, usually /etc/syslog.conf." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "ACCESS CONTROL" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Optionally, I<tcpd> supports a simple form of access control that is based " +"on pattern matching. The access-control software provides hooks for the " +"execution of shell commands when a pattern fires. For details, see the " +"I<hosts_access>(5) manual page." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "HOST NAME VERIFICATION" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The authentication scheme of some protocols (I<rlogin, rsh>) relies on host " +"names. Some implementations believe the host name that they get from any " +"random name server; other implementations are more careful but use a flawed " +"algorithm." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"I<tcpd> verifies the client host name that is returned by the address-" +"E<gt>name DNS server by looking at the host name and address that are " +"returned by the name-E<gt>address DNS server. If any discrepancy is " +"detected, I<tcpd> concludes that it is dealing with a host that pretends to " +"have someone elses host name." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"If the sources are compiled with -DPARANOID, I<tcpd> will drop the " +"connection in case of a host name/address mismatch. Otherwise, the hostname " +"can be matched with the I<PARANOID> wildcard, after which suitable action " +"can be taken." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "HOST ADDRESS SPOOFING" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Optionally, I<tcpd> disables source-routing socket options on every " +"connection that it deals with. This will take care of most attacks from " +"hosts that pretend to have an address that belongs to someone elses network. " +"UDP services do not benefit from this protection. This feature must be " +"turned on at compile time." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "RFC 931" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"When RFC 931 etc. lookups are enabled (compile-time option) I<tcpd> will " +"attempt to establish the name of the client user. This will succeed only if " +"the client host runs an RFC 931-compliant daemon. Client user name lookups " +"will not work for datagram-oriented connections, and may cause noticeable " +"delays in the case of connections from PCs." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "EXAMPLES" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The details of using I<tcpd> depend on pathname information that was " +"compiled into the program." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "EXAMPLE 1" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"This example applies when I<tcpd> expects that the original network daemons " +"will be moved to an \"other\" place." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"In order to monitor access to the I<finger> service, move the original " +"finger daemon to the \"other\" place and install tcpd in the place of the " +"original finger daemon. No changes are required to configuration files." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +#, no-wrap +msgid "" +"# mkdir /other/place\n" +"# mv /usr/sbin/in.fingerd /other/place\n" +"# cp tcpd /usr/sbin/in.fingerd\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The example assumes that the network daemons live in /usr/sbin. On some " +"systems, network daemons live in /usr/sbin or in /usr/libexec, or have no " +"`in.\\' prefix to their name." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "EXAMPLE 2" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"This example applies when I<tcpd> expects that the network daemons are left " +"in their original place." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"In order to monitor access to the I<finger> service, perform the following " +"edits on the I<inetd> configuration file (usually I</etc/inetd.conf>):" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +#, no-wrap +msgid "finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +#, no-wrap +msgid "becomes:\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +#, no-wrap +msgid "finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The example assumes that the network daemons live in /usr/sbin. On some " +"systems, network daemons live in /usr/sbin or in /usr/libexec, the daemons " +"have no `in.\\' prefix to their name, or there is no userid field in the " +"inetd configuration file." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Similar changes will be needed for the other services that are to be covered " +"by I<tcpd>. Send a `kill -HUP\\' to the I<inetd>(8) process to make the " +"changes effective." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "EXAMPLE 3" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"In the case of daemons that do not live in a common directory (\"secret\" or " +"otherwise), edit the I<inetd> configuration file so that it specifies an " +"absolute path name for the process name field. For example:" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +#, no-wrap +msgid " ntalk dgram udp wait root /usr/sbin/tcpd /usr/local/lib/ntalkd\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Only the last component (ntalkd) of the pathname will be used for access " +"control and logging." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "BUGS" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Some UDP (and RPC) daemons linger around for a while after they have " +"finished their work, in case another request comes in. In the inetd " +"configuration file these services are registered with the I<wait> option. " +"Only the request that started such a daemon will be logged." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The program does not work with RPC services over TCP. These services are " +"registered as I<rpc/tcp> in the inetd configuration file. The only non-" +"trivial service that is affected by this limitation is I<rexd>, which is " +"used by the I<on(1)> command. This is no great loss. On most systems, " +"I<rexd> is less secure than a wildcard in /etc/hosts.equiv." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"RPC broadcast requests (for example: I<rwall, rup, rusers>) always appear to " +"come from the responding host. What happens is that the client broadcasts " +"the request to all I<portmap> daemons on its network; each I<portmap> daemon " +"forwards the request to a local daemon. As far as the I<rwall> etc. daemons " +"know, the request comes from the local host." +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "FILES" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "The default locations of the host access control tables are:" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "/etc/hosts.allow" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "/etc/hosts.deny" +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "SEE ALSO" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +#, no-wrap +msgid "" +"hosts_access(3), functions provided by the libwrap library.\n" +"hosts_access(5), format of the tcpd access control tables.\n" +"syslog.conf(5), format of the syslogd control file.\n" +"inetd.conf(5), format of the inetd control file.\n" +msgstr "" + +#. type: SH +#: debian-bookworm debian-unstable +#, no-wrap +msgid "AUTHORS" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +#, no-wrap +msgid "" +"Wietse Venema (wietse@wzv.win.tue.nl),\n" +"Department of Mathematics and Computing Science,\n" +"Eindhoven University of Technology\n" +"Den Dolech 2, P.O. Box 513, \n" +"5600 MB Eindhoven, The Netherlands\n" +msgstr "" |