# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2023-06-27 19:58+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: TH #: debian-bookworm debian-unstable #, no-wrap msgid "TCPD" msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "tcpd - access control facility for internet services" msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The I program can be set up to monitor incoming requests for " "I, I, I, I, I, I, I, I, " "I and other services that have a one-to-one mapping onto executable " "files." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The program supports both 4.3BSD-style sockets and System V.4-style TLI. " "Functionality may be limited when the protocol underneath TLI is not an " "internet protocol." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "There are two possible modes of operation: execution of I before a " "service started by I, or linking a daemon with the I shared " "library as documented in the I(3) manual page. Operation when " "started by I is as follows: whenever a request for service arrives, " "the I daemon is tricked into running the I program instead of " "the desired server. I logs the request and does some additional " "checks. When all is well, I runs the appropriate server program and " "goes away." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Optional features are: pattern-based access control, client username lookups " "with the RFC 931 etc. protocol, protection against hosts that pretend to " "have someone elses host name, and protection against hosts that pretend to " "have someone elses network address." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "LOGGING" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Connections that are monitored by I are reported through the " "I(3) facility. Each record contains a time stamp, the client host " "name and the name of the requested service. The information can be useful " "to detect unwanted activities, especially when logfile information from " "several hosts is merged." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "In order to find out where your logs are going, examine the syslog " "configuration file, usually /etc/syslog.conf." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "ACCESS CONTROL" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Optionally, I supports a simple form of access control that is based " "on pattern matching. The access-control software provides hooks for the " "execution of shell commands when a pattern fires. For details, see the " "I(5) manual page." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "HOST NAME VERIFICATION" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The authentication scheme of some protocols (I) relies on host " "names. Some implementations believe the host name that they get from any " "random name server; other implementations are more careful but use a flawed " "algorithm." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "I verifies the client host name that is returned by the address-" "Ename DNS server by looking at the host name and address that are " "returned by the name-Eaddress DNS server. If any discrepancy is " "detected, I concludes that it is dealing with a host that pretends to " "have someone elses host name." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "If the sources are compiled with -DPARANOID, I will drop the " "connection in case of a host name/address mismatch. Otherwise, the hostname " "can be matched with the I wildcard, after which suitable action " "can be taken." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "HOST ADDRESS SPOOFING" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Optionally, I disables source-routing socket options on every " "connection that it deals with. This will take care of most attacks from " "hosts that pretend to have an address that belongs to someone elses network. " "UDP services do not benefit from this protection. This feature must be " "turned on at compile time." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "RFC 931" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "When RFC 931 etc. lookups are enabled (compile-time option) I will " "attempt to establish the name of the client user. This will succeed only if " "the client host runs an RFC 931-compliant daemon. Client user name lookups " "will not work for datagram-oriented connections, and may cause noticeable " "delays in the case of connections from PCs." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "EXAMPLES" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The details of using I depend on pathname information that was " "compiled into the program." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "EXAMPLE 1" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "This example applies when I expects that the original network daemons " "will be moved to an \"other\" place." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "In order to monitor access to the I service, move the original " "finger daemon to the \"other\" place and install tcpd in the place of the " "original finger daemon. No changes are required to configuration files." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable #, no-wrap msgid "" "# mkdir /other/place\n" "# mv /usr/sbin/in.fingerd /other/place\n" "# cp tcpd /usr/sbin/in.fingerd\n" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The example assumes that the network daemons live in /usr/sbin. On some " "systems, network daemons live in /usr/sbin or in /usr/libexec, or have no " "`in.\\' prefix to their name." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "EXAMPLE 2" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "This example applies when I expects that the network daemons are left " "in their original place." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "In order to monitor access to the I service, perform the following " "edits on the I configuration file (usually I):" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable #, no-wrap msgid "finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd\n" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable #, no-wrap msgid "becomes:\n" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable #, no-wrap msgid "finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd\n" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The example assumes that the network daemons live in /usr/sbin. On some " "systems, network daemons live in /usr/sbin or in /usr/libexec, the daemons " "have no `in.\\' prefix to their name, or there is no userid field in the " "inetd configuration file." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Similar changes will be needed for the other services that are to be covered " "by I. Send a `kill -HUP\\' to the I(8) process to make the " "changes effective." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "EXAMPLE 3" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "In the case of daemons that do not live in a common directory (\"secret\" or " "otherwise), edit the I configuration file so that it specifies an " "absolute path name for the process name field. For example:" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable #, no-wrap msgid " ntalk dgram udp wait root /usr/sbin/tcpd /usr/local/lib/ntalkd\n" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Only the last component (ntalkd) of the pathname will be used for access " "control and logging." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "BUGS" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Some UDP (and RPC) daemons linger around for a while after they have " "finished their work, in case another request comes in. In the inetd " "configuration file these services are registered with the I option. " "Only the request that started such a daemon will be logged." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The program does not work with RPC services over TCP. These services are " "registered as I in the inetd configuration file. The only non-" "trivial service that is affected by this limitation is I, which is " "used by the I command. This is no great loss. On most systems, " "I is less secure than a wildcard in /etc/hosts.equiv." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "RPC broadcast requests (for example: I) always appear to " "come from the responding host. What happens is that the client broadcasts " "the request to all I daemons on its network; each I daemon " "forwards the request to a local daemon. As far as the I etc. daemons " "know, the request comes from the local host." msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "FILES" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "The default locations of the host access control tables are:" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "/etc/hosts.allow" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "/etc/hosts.deny" msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable #, no-wrap msgid "" "hosts_access(3), functions provided by the libwrap library.\n" "hosts_access(5), format of the tcpd access control tables.\n" "syslog.conf(5), format of the syslogd control file.\n" "inetd.conf(5), format of the inetd control file.\n" msgstr "" #. type: SH #: debian-bookworm debian-unstable #, no-wrap msgid "AUTHORS" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable #, no-wrap msgid "" "Wietse Venema (wietse@wzv.win.tue.nl),\n" "Department of Mathematics and Computing Science,\n" "Eindhoven University of Technology\n" "Den Dolech 2, P.O. Box 513, \n" "5600 MB Eindhoven, The Netherlands\n" msgstr ""