Hosts.allow - Linux Command - Unix Command

NAME

hosts_access - format of host access control files

DESCRIPTION

This manual page describes a simple access control language that is based on client (host name/address, user name) and server (process name, host name/address) patterns. Examples are given at the end. The impatient reader is encouraged to skip to the EXAMPLES section for a quick introduction.

An extended version of the access control language is described in the hosts_options(5) document. The extensions are turned on at program build time by building with -DPROCESS_OPTIONS.

In the following text, daemon is the process name of a network daemon process, and client is the name and/or address of a host requesting service. Network daemon process names are specified in the inetd configuration file.

ACCESS CONTROL FILES

The access control software consults two files. The search stops at the first match.

Access will be granted when a (daemon, client) pair matches an entry in the /etc/hosts.allow file.

Otherwise, access will be denied when a (daemon, client) pair matches an entry in the /etc/hosts.deny file.

Otherwise, access will be granted.

A non-existing access control file is treated as if it were an empty file. Thus, access control can be turned off by providing no access control files.

ACCESS CONTROL RULES

Each access control file consists of zero or more lines of text. These lines are processed in order of appearance. The search terminates when a match is found.

A newline character is ignored when it is preceded by a backslash character. This permits you to break up long lines so that they are easier to edit.

Blank lines or lines that begin with a `#' character are ignored. This permits you to insert comments and whitespace so that the tables are easier to read.

All other lines should satisfy the following format, things between [] being optional:

daemon_list : client_list [ : shell_command ]

daemon_list is a list of one or more daemon process names (argv[0] values) or wildcards (see below).

client_list is a list of one or more host names, host addresses, patterns or wildcards (see below) that will be matched against the client host name or address.

The more complex forms daemon@host and user@host are explained in the sections on server endpoint patterns and on client username lookups, respectively.

List elements should be separated by blanks and/or commas.

With the exception of NIS (YP) netgroup lookups, all access control checks are case insensitive.

PATTERNS

The access control language implements the following patterns:

A string that begins with a `.' character. A host name is matched if the last components of its name match the specified pattern. For example, the pattern `.tue.nl' matches the host name `wzv.win.tue.nl'.

A string that ends with a `.' character. A host address is matched if its first numeric fields match the given string. For example, the pattern `131.155.' matches the address of (almost) every host on the Eindhoven University network (131.155.x.x).

A string that begins with an `@' character is treated as an NIS (formerly YP) netgroup name. A host name is matched if it is a host member of the specified netgroup. Netgroup matches are not supported for daemon process names or for client user names.

An expression of the form `n.n.n.n/m.m.m.m' is interpreted as a `net/mask' pair. An IPv4 host address is matched if `net' is equal to the bitwise AND of the address and the `mask'. For example, the net/mask pattern `131.155.72.0/255.255.254.0' matches every address in the range `131.155.72.0' through `131.155.73.255'.

An expression of the form `[n:n:n:n:n:n:n:n]/m' is interpreted as a `[net]/prefixlen' pair. An IPv6 host address is matched if `prefixlen' bits of `net' are equal to the `prefixlen' bits of the address. For example, the [net]/prefixlen pattern `[3ffe:505:2:1::]/64' matches every address in the range `3ffe:505:2:1::' through `3ffe:505:2:1:ffff:ffff:ffff:ffff'.

A string that begins with a `/' character is treated as a file name. A host name or address is matched if it matches any host name or address pattern listed in the named file. The file format is zero or more lines with zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere a host name or address pattern can be used.

The wildcards `*' and `?' can be used to match host names or IP addresses. This method of matching cannot be used in conjunction with `net/mask' matching, host name matching beginning with `.' or IP address matching ending with `.'.

WILDCARDS

The access control language supports explicit wildcards:

ALL

The universal wildcard, always matches.

LOCAL

Matches any host whose name does not contain a dot character.

UNKNOWN

Matches any user whose name is unknown, and matches any host whose name or address is unknown. This pattern should be used with care: host names may be unavailable due to temporary name server problems. A network address will be unavailable when the software cannot figure out what type of network it is talking to.

KNOWN

Matches any user whose name is known, and matches any host whose name and address are known. This pattern should be used with care: host names may be unavailable due to temporary name server problems. A network address will be unavailable when the software cannot figure out what type of network it is talking to.

PARANOID

Matches any host whose name does not match its address. When tcpd is built with -DPARANOID (default mode), it drops requests from such clients even before looking at the access control tables. Build without -DPARANOID when you want more control over such requests.

OPERATORS

EXCEPT

Intended use is of the form: `list_1 EXCEPT list_2'; this construct matches anything that matches list_1 unless it matches list_2. The EXCEPT operator can be used in daemon_lists and in client_lists. The EXCEPT operator can be nested: if the control language would permit the use of parentheses, `a EXCEPT b EXCEPT c' would parse as `(a EXCEPT (b EXCEPT c))'.

SHELL COMMANDS

If the first-matched access control rule contains a shell command, that command is subjected to %<letter> substitutions (see next section). The result is executed by a /bin/sh child process with standard input, output and error connected to /dev/null. Specify an `&' at the end of the command if you do not want to wait until it has completed.

Shell commands should not rely on the PATH setting of the inetd. Instead, they should use absolute path names, or they should begin with an explicit PATH=whatever statement.

The hosts_options(5) document describes an alternative language that uses the shell command field in a different and incompatible way.

% EXPANSIONS

The following expansions are available within shell commands:

%a (%A)

The client (server) host address.

%c

Client information: user@host, user@address, a host name, or just an address, depending on how much information is available.

%d

The daemon process name (argv[0] value).

%h (%H)

The client (server) host name or address, if the host name is unavailable.

%n (%N)

The client (server) host name (or "unknown" or "paranoid").

%p

The daemon process id.

%s

Server information: daemon@host, daemon@address, or just a daemon name, depending on how much information is available.

%u

The client user name (or "unknown").

%%

Expands to a single `%' character.

Characters in % expansions that may confuse the shell are replaced by underscores.
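The underscore replacement matters because %h, %n, %c and %u carry values supplied by the remote side. The following added example (Python, not part of the manual page or of the tcpd source) expands a command the way this section describes. The set of characters treated as safe and the handling of unknown sequences are assumptions, and the sample client name is constructed.

```python
import re

# Assumption: a conservative safe set (letters, digits and a few punctuation
# characters). tcpd's own list of accepted characters may differ.
UNSAFE = re.compile(r"[^A-Za-z0-9@%\-_=+:,./]")

def expand(command, info):
    """Expand %<letter> sequences; shell-confusing characters become '_'."""
    def repl(match):
        key = match.group(1)
        if key == "%":
            return "%"                       # %% expands to a single '%'
        if key not in info:
            return match.group(0)            # unknown sequence kept (assumption)
        return UNSAFE.sub("_", info[key])    # sanitize before it reaches /bin/sh
    return re.sub(r"%(.)", repl, command)

# Shell command taken from the BOOBY TRAPS example on this page.
COMMAND = "/some/where/safe_finger -l @%h | /usr/ucb/mail -s %d-%h root"

# Constructed client data: a reverse-DNS name containing shell metacharacters.
SAMPLE = {"h": "pc1.example.org;`x`", "d": "in.tftpd"}

if __name__ == "__main__":
    print(expand(COMMAND, SAMPLE))
```

Sanitizing at expansion time keeps the rule author from having to quote every %h in the access control tables.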

SERVER ENDPOINT PATTERNS

In order to distinguish clients by the network address that they connect to, use patterns of the form:

process_name@host_pattern : client_list ...

Patterns like these can be used when the machine has different internet addresses with different internet host names. Service providers can use this facility to offer FTP, GOPHER or WWW archives with internet names that may even belong to different organizations. See also the `twist' option in the hosts_options(5) document. Some systems (Solaris, FreeBSD) can have more than one internet address on one physical interface; with other systems you may have to resort to SLIP or PPP pseudo interfaces that live in a dedicated network address space.

The host_pattern obeys the same syntax rules as host names and addresses in client_list context. Usually, server endpoint information is available only with connection-oriented services.

CLIENT USERNAME LOOKUP

When the client host supports the RFC 931 protocol or one of its descendants (TAP, IDENT, RFC 1413), the wrapper programs can retrieve additional information about the owner of a connection. Client username information, when available, is logged together with the client host name, and can be used to match patterns like:

daemon_list : ... user_pattern@host_pattern ...

The daemon wrappers can be configured at compile time to perform rule-driven username lookups (default) or to always interrogate the client host. In the case of rule-driven username lookups, the above rule would cause a username lookup only when both the daemon_list and the host_pattern match.

A user pattern has the same syntax as a daemon process pattern, so the same wildcards apply (netgroup membership is not supported). One should not get carried away with username lookups, though.

The client username information cannot be trusted when it is needed most, i.e. when the client system has been compromised. In general, ALL and (UN)KNOWN are the only user name patterns that make sense.

Username lookups are possible only with TCP-based services, and only when the client host runs a suitable daemon; in all other cases the result is "unknown".

A well-known UNIX kernel bug may cause loss of service when username lookups are blocked by a firewall. The wrapper README document describes a procedure to find out if your kernel has this bug.

Username lookups may cause noticeable delays for non-UNIX users. The default timeout for username lookups is 10 seconds: too short to cope with slow networks, but long enough to irritate PC users.

Selective username lookups can alleviate the last problem. For example, a rule like:

daemon_list : @pcnetgroup ALL@ALL

would match members of the pc netgroup without doing username lookups, but would perform username lookups with all other systems.

DETECTING ADDRESS SPOOFING ATTACKS

A flaw in the sequence number generator of many TCP/IP implementations allows intruders to easily impersonate trusted hosts and to break in via, for example, the remote shell service. The IDENT (RFC 931 etc.) service can be used to detect such and other host address spoofing attacks.

Before accepting a client request, the wrappers can use the IDENT service to find out that the client did not send the request at all. When the client host provides IDENT service, a negative IDENT lookup result (the client matches `UNKNOWN@host') is strong evidence of a host spoofing attack.

A positive IDENT lookup result (the client matches `KNOWN@host') is less trustworthy. It is possible for an intruder to spoof both the client connection and the IDENT lookup, although doing so is much harder than spoofing just a client connection. It may also be that the client's IDENT server is lying.

Note: IDENT lookups do not work with UDP services.

EXAMPLES

The language is flexible enough that different types of access control policy can be expressed with a minimum of fuss. Although the language uses two access control tables, the most common policies can be implemented with one of the tables being trivial or even empty.

When reading the examples below it is important to realize that the allow table is scanned before the deny table, that the search terminates when a match is found, and that access is granted when no match is found at all.

The examples use host and domain names. They can be improved by including address and/or network/netmask information, to reduce the impact of temporary name server lookup failures.

MOSTLY CLOSED

In this case, access is denied by default. Only explicitly authorized hosts are permitted access.

The default policy (no access) is implemented with a trivial deny file:

/etc/hosts.deny:
    ALL: ALL

This denies all service to all hosts, unless they are permitted access by entries in the allow file.

The explicitly authorized hosts are listed in the allow file. For example:

/etc/hosts.allow:
    ALL: LOCAL @some_netgroup
    ALL: .foobar.edu EXCEPT terminalserver.foobar.edu

The first rule permits access from hosts in the local domain (no `.' in the host name) and from members of the some_netgroup netgroup. The second rule permits access from all hosts in the foobar.edu domain (notice the leading dot), with the exception of terminalserver.foobar.edu.
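The evaluation order, patterns and EXCEPT nesting described on this page, applied to the "mostly closed" tables above, as an added example in Python (not part of the manual page or of the tcpd source). It models only ALL, LOCAL, domain suffixes, address prefixes, IPv4 net/mask and EXCEPT; netgroups, pattern files, IPv6, comments and line continuation are left out, and the in.tftpd rule and the sample clients are constructed.

```python
import ipaddress
import re

def match_one(pat, name, addr):
    """Match one client_list pattern against a client host name and IPv4 address."""
    p, n = pat.lower(), name.lower()          # checks are case insensitive
    if p == "all":
        return True
    if p == "local":
        return "." not in n
    if p.startswith(("@", "/")):              # netgroups, pattern files: not modelled
        return False
    if p.startswith("."):                     # .tue.nl matches wzv.win.tue.nl
        return n.endswith(p)
    if p.endswith("."):                       # 131.155. matches 131.155.x.x
        return addr.startswith(p)
    if "/" in p:                              # net/mask: net == (addr AND mask)
        net, mask = (int(ipaddress.IPv4Address(x)) for x in p.split("/"))
        return (int(ipaddress.IPv4Address(addr)) & mask) == net
    return p in (n, addr)

def match_list(tokens, test):
    """'a EXCEPT b EXCEPT c' is evaluated as (a EXCEPT (b EXCEPT c))."""
    for i, tok in enumerate(tokens):
        if tok.upper() == "EXCEPT":
            return match_list(tokens[:i], test) and not match_list(tokens[i + 1:], test)
    return any(test(t) for t in tokens)

def rule_matches(rule, daemon, name, addr):
    daemons, clients = (re.split(r"[\s,]+", f.strip()) for f in rule.split(":")[:2])
    return (match_list(daemons, lambda t: t.lower() in ("all", daemon.lower()))
            and match_list(clients, lambda t: match_one(t, name, addr)))

def access(allow, deny, daemon, name, addr):
    """Allow table first, then deny table; no match in either grants access."""
    if any(rule_matches(r, daemon, name, addr) for r in allow):
        return True
    return not any(rule_matches(r, daemon, name, addr) for r in deny)

# The page's "mostly closed" tables; the in.tftpd rule is a constructed addition.
ALLOW = ["ALL: LOCAL @some_netgroup",
         "ALL: .foobar.edu EXCEPT terminalserver.foobar.edu",
         "in.tftpd: 131.155.72.0/255.255.254.0"]
DENY = ["ALL: ALL"]

if __name__ == "__main__":
    for host, ip in [("wzv", "192.0.2.5"), ("terminalserver.foobar.edu", "192.0.2.11")]:
        print(host, access(ALLOW, DENY, "in.telnetd", host, ip))
```

On a real system, tcpdmatch(8) answers the same question against the installed tables.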

MOSTLY OPEN

Here, access is granted by default; only explicitly specified hosts are refused service.

The default policy (access granted) makes the allow file redundant so that it can be omitted. The explicitly non-authorized hosts are listed in the deny file. For example:

/etc/hosts.deny:
    ALL: some.host.name, .some.domain
    ALL EXCEPT in.fingerd: other.host.name, .other.domain

The first rule denies some hosts and domains all services; the second rule still permits finger requests from other hosts and domains.

BOOBY TRAPS

The next example permits tftp requests from hosts in the local domain (notice the leading dot). Requests from any other hosts are denied. Instead of the requested file, a finger probe is sent to the offending host. The result is mailed to the superuser.

/etc/hosts.allow:
    in.tftpd: LOCAL, .my.domain

/etc/hosts.deny:
    in.tftpd: ALL: spawn (/some/where/safe_finger -l @%h | \
        /usr/ucb/mail -s %d-%h root) &

The safe_finger command comes with the tcpd wrapper and should be installed in a suitable place. It limits possible damage from data sent by the remote finger server. It gives better protection than the standard finger command.

The expansion of the %h (client host) and %d (service name) sequences is described in the section on shell commands.

Warning: do not booby-trap your finger daemon, unless you are prepared for infinite finger loops.

On network firewall systems this trick can be carried even further. The typical network firewall only provides a limited set of services to the outer world. All other services can be "bugged" just like the above tftp example. The result is an excellent early-warning system.

SEE ALSO

tcpd(8), the tcp/ip daemon wrapper program. tcpdchk(8), tcpdmatch(8), test programs.

Important: Use the man command (% man) to see how a command is used on your particular computer.