v16i062: package to monitor tcp/ip connections, Part01/01

Wietse Venema wietse at wzv.win.tue.nl
Wed Jan 9 15:01:40 AEST 1991


Submitted-by: wietse at wzv.win.tue.nl (Wietse Venema)
Posting-number: Volume 16, Issue 62
Archive-name: log_tcp/part01

This package provides a couple of tiny programs that log all requests
to connection-oriented tcp/ip services (examples: FINGER, SYSTAT, FTP,
TELNET, RLOGIN, RSH, EXEC), with optional access control on the basis
of host (or domain) names and service names.

The programs are nothing but small front ends. By default, they just
log the remote host name and then invoke the real daemon. The programs
should not require any changes to existing software or configuration
files.

Connections are reported through the syslog(3) facility. Each record
contains a time stamp, the remote host name and the name of the service
requested. Such information can be useful to detect break-in attempts
or other undesirable activities, especially when logfile information
from several hosts is merged.

The optional access-control facility may be useful when, for whatever
reason, it is not possible to handle access control at a more suitable
level (such as an internet router).

	Wietse Venema,
	Eindhoven University of Technology,
	The Netherlands.

#! /bin/sh
# This is a shell archive.  Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file".  To overwrite existing
# files, type "sh file -c".  You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g..  If this archive is complete, you
# will see the following message at the end:
#		"End of shell archive."
# Contents:  README miscd.c tcpd.c fromhost.c hosts_access.c Makefile
#   hosts_access.5 strcasecmp.c BLURB
# Wrapped by wietse at wzv on Sun Jan  6 22:31:41 1991
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f README -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"README\"
else
echo shar: Extracting \"README\" \(4779 characters\)
sed "s/^X//" >README <<'END_OF_README'
X@(#) README 1.1 91/01/06 22:30:23
X
XGeneral description:
X
XWith this package you can monitor connections to the SYSTAT, FINGER,
XFTP, TELNET, RLOGIN, RSH and EXEC network services.  Connections are
Xlogged through the syslog(3) facility. A requirement is that daemons
Xare started by the inetd program or something similar.
X
XThe programs are tiny front ends that just report the remote host name
Xand then invoke the real network daemon.  In the most common case, no
Xchanges should be required to existing software or to configuration
Xfiles.  Just move the vendor-provided daemons to another place and
Xinstall the front ends into their original places. Installation details
Xare given below.
X
XEarlier versions of the programs were tested with Ultrix >= 2.2, with
XSunOS >= 3.4 and ISC 2.2. The present version is a bit cleaned up, but
Xshould still run without modification on top of most BSD-style TCP/IP
Ximplementations.
X
XOptional feature:
X
XWhen compiled with -DHOSTS_ACCESS, the front-end programs support a
Xsimple form of access control that is based on host (or domain) names
Xand service names.  Wild cards are supported.  If a host requests a
Xservice, and if the (service, host) pair is matched by an entry in the
X/etc/hosts.allow file, access is granted.  Otherwise, if the (service,
Xhost) pair is matched by an entry in the /etc/hosts.deny file, access
Xis denied.  Otherwise, access is granted.  For more details, see the
Xhosts_access(5) manual page. This form of access control may be useful
Xif it can not be implemented at a more suitable level (such as an
Xinternet router).
X
XRelated software:
X
XVersions of rshd and rlogind, hacked to report the remote user name as
Xwell, are available for anon ftp (ftp.win.tue.nl:/pub/logdaemon.tar.Z).
XThose programs have been tested only with SunOS >= 4.0.
X
XAnother way to manage access to tcp/ip services is illustrated by the
Xservers provided with the authutil package (comp.sources.unix volume
X22). This has the advantage that one will get the remote username from
Xany host supporting RFC 931 security.  By installing the auth package
X(same volume) one supports RFC 931 security too.  Eventually one can
Xstart cutting off unauthenticated connections. This is obviously a much
Xmore advanced approach than what my front-end programs provide. The
Xpresent package is more suitable for those who lack the resources to
Xinstall anything that requires more than just renaming a couple of
Xexecutables.
X
XConfiguration and installation:
X
XIf you don't run Ultrix, you don't need the miscd front-end program.
XThe Ultrix miscd daemon implements among others the SYSTAT service,
Xwhich pipes the output from the WHO command to standard output.
X
XBy default, the front-end programs assume that the vendor-provided
Xdaemons will be moved to the "/usr/etc/..." directory.  If you want
Xsomething else, adjust the REAL_DAEMON and the REAL_DAEMON_DIR macros
Xin the files miscd.c and tcpd.c.
X
XBy default, connections are logged to the same place where the sendmail
Xlog entries go.  If connections should be logged elsewhere, adjust the
XLOG_MAIL macro in the miscd.c and tcpd.c files, and update your inetd
Xconfiguration file (usually, /etc/syslog.conf).  Most Ultrix versions 
Xdo not provide this flexibility, though.
X
XBy default, the front-end programs support host access control.  Access
Xcontrol is turned off when the /etc/hosts.{allow,deny} files do not
Xexist. If you do not need support for host access control, adjust the
Xmakefile so that the programs are compiled without -DHOSTS_ACCESS. Note:
Xhost access control support requires the strchr() and strtok() routines.
X
XIf your C library does not provide the strcasecmp() routine, adjust the
XAUX_OBJ macro in the makefile so that it uses the strcasecmp() version
Xprovided with this package.
X
XThe tcpd program is intended for monitoring connections to the telnet,
Xfinger, ftp, exec, rsh and rlogin services. Decide which services you
Xwant to be monitored, move the vendor-provided daemon programs to the
Xlocation specified by the REAL_DAEMON_DIR macro in the file tcpd.c, and
Xcopy the tcpd front end to the locations where the vendor-provided
Xdaemons used to be. That is, one copy of the tcpd front end for each
Xservice that you want to monitor.
X
XUltrix only: if you want to monitor connections to the SYSTAT service,
Xmove the vendor-provided miscd daemon to the location specified by the
XREAL_DAEMON macro in the miscd.c file, and install the miscd front end
Xinto the original miscd location.
X
XAcknowledgements:
X
XThanks to Brendan Kehoe (brendan at cs.widener.edu), Heimir Sverrisson
X(heimir at hafro.is) and Dan Bernstein (brnstnd at kramden.acf.nyu.edu) for
Xfeedback on an earlier release of this product.
X
X	Wietse Venema,
X	Mathematics and Computing Science,
X	Eindhoven University of Technology,
X	The Netherlands.
END_OF_README
if test 4779 -ne `wc -c <README`; then
    echo shar: \"README\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f miscd.c -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"miscd.c\"
else
echo shar: Extracting \"miscd.c\" \(1709 characters\)
sed "s/^X//" >miscd.c <<'END_OF_miscd.c'
X /*
X  * Front end to the ULTRIX miscd service. The front end logs the remote host
X  * name and then invokes the real miscd daemon. Install as "/usr/etc/miscd",
X  * after moving the real miscd daemon to the "/usr/etc/..." directory.
X  * Connections and diagnostics are logged through syslog(3).
X  * 
X  * The Ultrix miscd program implements the systat service, which pipes the
X  * output from who(1) to stdout. This information is potentially useful to
X  * systems crackers.
X  * 
X  * Compile with -DHOSTS_ACCESS in order to enable access control. See the
X  * hosts_access(5) manual page for details.
X  * 
X  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
X  */
X
X#ifndef lint
Xstatic char sccsid[] = "@(#) miscd.c 1.1 91/01/06 22:30:32";
X#endif
X
X#include <stdio.h>
X#include <syslog.h>
X
X/* The following specifies where the vendor-provided daemon should go. */
X
X#define REAL_DAEMON	"/usr/etc/.../miscd"
X
Xmain(argc, argv)
Xint     argc;
Xchar  **argv;
X{
X    char   *fromhost();
X    char   *host_name;
X
X    /*
X     * Open a channel to the syslog daemon. Older versions of openlog()
X     * require only two arguments.
X     */
X
X#ifdef LOG_MAIL
X    (void) openlog(argv[0], LOG_PID, LOG_MAIL);
X#else
X    (void) openlog(argv[0], LOG_PID);
X#endif
X
X    /* Find out and report the remote host name. */
X
X    if ((host_name = fromhost()) == 0)
X	host_name = "unknown";
X    syslog(LOG_INFO, "connect from %s", host_name);
X
X    /* Check whether this host can access the service in argv[0]. */
X
X#ifdef HOSTS_ACCESS
X    hosts_access(argv[0], host_name);
X#endif
X
X    /* Invoke the real daemon program. */
X
X    (void) execv(REAL_DAEMON, argv);
X    syslog(LOG_ERR, "%s: %m", REAL_DAEMON);
X    return (1);
X}
END_OF_miscd.c
if test 1709 -ne `wc -c <miscd.c`; then
    echo shar: \"miscd.c\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f tcpd.c -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"tcpd.c\"
else
echo shar: Extracting \"tcpd.c\" \(1873 characters\)
sed "s/^X//" >tcpd.c <<'END_OF_tcpd.c'
X /*
X  * General front end for connection-oriented tcp/ip services. This program
X  * logs the remote host name and then invokes the real daemon. For example,
X  * install as /usr/etc/{fingerd,telnetd,ftpd,rlogind,rshd,rexecd}, after
X  * saving the real daemons in the directory "/usr/etc/...". This arrangement
X  * requires that the network daemons are started by inetd or something
X  * similar. Connections and diagnostics are logged through syslog(3).
X  * 
X  * Compile with -DHOSTS_ACCESS in order to enable access control. See the
X  * hosts_access(5) manual page for details.
X  * 
X  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
X  */
X
X#ifndef lint
Xstatic char sccsid[] = "@(#) tcpd.c 1.1 91/01/06 22:30:36";
X#endif
X
X#include <stdio.h>
X#include <syslog.h>
X#include <sys/types.h>
X#include <sys/param.h>
X#ifndef MAXPATHNAMELEN
X#define MAXPATHNAMELEN	BUFSIZ
X#endif
X
X/* The following specifies where the vendor-provided daemons should go. */
X
X#define REAL_DAEMON_DIR	"/usr/etc/..."
X
Xmain(argc, argv)
Xint     argc;
Xchar  **argv;
X{
X    char   *fromhost();
X    char   *host_name;
X    char    path[MAXPATHNAMELEN];
X
X    /*
X     * Open a channel to the syslog daemon. Older versions of openlog()
X     * require only two arguments.
X     */
X
X#ifdef LOG_MAIL
X    (void) openlog(argv[0], LOG_PID, LOG_MAIL);
X#else
X    (void) openlog(argv[0], LOG_PID);
X#endif
X
X    /* Find out and report the remote host name. */
X
X    if ((host_name = fromhost()) == 0)
X	host_name = "unknown";
X    syslog(LOG_INFO, "connect from %s", host_name);
X
X    /* Check whether this host can access the service in argv[0]. */
X
X#ifdef HOSTS_ACCESS
X    hosts_access(argv[0], host_name);
X#endif
X
X    /* Invoke the real daemon program. */
X
X    (void) sprintf(path, "%s/%s", REAL_DAEMON_DIR, argv[0]);
X    (void) execv(path, argv);
X    syslog(LOG_ERR, "%s: %m", path);
X    return (1);
X}
END_OF_tcpd.c
if test 1873 -ne `wc -c <tcpd.c`; then
    echo shar: \"tcpd.c\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f fromhost.c -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"fromhost.c\"
else
echo shar: Extracting \"fromhost.c\" \(1325 characters\)
sed "s/^X//" >fromhost.c <<'END_OF_fromhost.c'
X /*
X  * fromhost() returns the name or address of the host at the other end of
X  * standard input, "stdin" if it is connected to a terminal, or a null
X  * pointer if it fails. Diagnostics are logged through syslog(3).
X  * 
X  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
X  */
X
X#ifndef lint
Xstatic char sccsid[] = "@(#) fromhost.c 1.1 91/01/06 22:30:24";
X#endif
X
X#include <stdio.h>
X#include <sys/types.h>
X#include <sys/param.h>
X#include <sys/socket.h>
X#include <syslog.h>
X#include <netinet/in.h>
X#include <netdb.h>
X
X/* fromhost - find out what is at the other end of standard input */
X
Xchar   *fromhost()
X{
X    struct sockaddr sa;
X    struct sockaddr_in *sin = (struct sockaddr_in *) (&sa);
X    struct hostent *hp;
X    int     sockt = fileno(stdin);
X    int     length = sizeof(sa);
X    char   *inet_ntoa();
X
X    if (getpeername(sockt, &sa, &length) < 0) {
X	if (isatty(sockt)) {
X	    return ("stdin");
X	} else {
X	    syslog(LOG_ERR, "getpeername: %m");
X	    return (0);
X	}
X    } else {
X	switch (sa.sa_family) {
X	case AF_INET:
X	    hp = gethostbyaddr((char *) &sin->sin_addr.s_addr,
X			       sizeof(sin->sin_addr.s_addr), AF_INET);
X	    return (hp ? hp->h_name : inet_ntoa(sin->sin_addr));
X	default:
X	    syslog(LOG_ERR, "unknown address family %ld", sa.sa_family);
X	    return (0);
X	}
X    }
X}
END_OF_fromhost.c
if test 1325 -ne `wc -c <fromhost.c`; then
    echo shar: \"fromhost.c\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f hosts_access.c -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"hosts_access.c\"
else
echo shar: Extracting \"hosts_access.c\" \(4055 characters\)
sed "s/^X//" >hosts_access.c <<'END_OF_hosts_access.c'
X#ifdef HOSTS_ACCESS
X
X /*
X  * This module implements a simple but effective form of access control
X  * based on host (or domain) names and service names, with wild card
X  * support. Diagnostics are logged through syslog(3).
X  * 
X  * Compile with -DHOSTS_ACCESS in order to enable access control. See the
X  * hosts_access(5) manual page for details.
X  * 
X  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
X  */
X
X#ifndef lint
Xstatic char sccsid[] = "@(#) hosts_access.c 1.1 91/01/06 22:30:28";
X#endif
X
X#include <stdio.h>
X#include <syslog.h>
X
Xextern char *fgets();
Xextern char *strchr();
Xextern char *strtok();
Xextern void exit();
X
X /* Path names of the access control files. */
X
X#define HOSTS_ALLOW	"/etc/hosts.allow"
X#define HOSTS_DENY	"/etc/hosts.deny"
X
X /* Delimiters for lists of services or hosts or domains. */
X
Xstatic char sep[] = ", \t";
X
X /* Constants to be used in assignments only, not in comparisons... */
X
X#define	YES		1
X#define	NO		0
X
X/* hosts_access - host access control facility */
X
Xhosts_access(service, host)
Xchar   *service;
Xchar   *host;
X{
X
X    /*
X     * If the (service,host) pair is found in the /etc/hosts.allow file,
X     * access is granted. Otherwise, if the (service,host) pair is found in
X     * the /etc/hosts.deny file, access is denied. Otherwise, access is
X     * granted. 
X     * 
X     * If a connection is refused, we write a syslog record, but do not notify
X     * the client.
X     */
X
X    if (table_match(HOSTS_ALLOW, service, host))
X	return;
X    if (table_match(HOSTS_DENY, service, host)) {
X	syslog(LOG_WARNING, "refused connect from %s", host);
X	exit(0);
X    }
X}
X
X/* table_match - match table entries with (service, host) pair */
X
Xtable_match(table, service, host)
Xchar   *table;
Xchar   *service;
Xchar   *host;
X{
X    FILE   *fp;
X    char    sv_list[BUFSIZ];		/* becomes list of services */
X    char   *cl_list;			/* becomes list of clients */
X    int     match = NO;
X    int     end;
X
X    /*
X     * Process the table one line at a time. Lines that begin with a '#'
X     * character are ignored. Non-comment lines are broken at the ':'
X     * character (we complain if there is none). The left part is matched
X     * against the service name (argv[0]), the right part against the host
X     * name. A non-existing table is treated as if it were an empty table.
X     */
X
X    if (fp = fopen(table, "r")) {
X	while (!match && fgets(sv_list, sizeof(sv_list), fp)) {
X	    if (sv_list[end = strlen(sv_list) - 1] != '\n') {
X		syslog(LOG_ERR, "%s: line exceeds STDIO buffer size", table);
X	    } else {
X		sv_list[end] = '\0';		/* strip trailing newline */
X	    }
X	    if (sv_list[0] == '#') {		/* skip comments */
X		continue;
X	    } else if ((cl_list = strchr(sv_list, ':')) == 0) {
X		syslog(LOG_ERR, "%s: malformed entry: \"%s\"", table, sv_list);
X		continue;
X	    } else {
X		*cl_list++ = '\0';		/* break line at ":" */
X		match = (list_match(sv_list, service)
X			 && list_match(cl_list, host));
X	    }
X	}
X	(void) fclose(fp);
X    }
X    return (match);
X}
X
X/* list_match - match a string against a list of tokens */
X
Xlist_match(list, string)
Xchar   *list;
Xchar   *string;
X{
X    char   *token;
X    int     tok_len;
X    int     str_len;
X
X    /*
X     * Process tokens one at a time. If a token has the magic value "ALL" the
X     * match always succeeds. If the token is a domain name, return YES if it
X     * matches the last fields of the string. Otherwise, return YES if the
X     * token fully matches the string. Note: we assume that a service name
X     * never begins with a "." character.
X     */
X
X    for (token = strtok(list, sep); token; token = strtok((char *) 0, sep)) {
X	if (strcasecmp(token, "ALL") == 0) {	/* magic: always matches */
X	    return (YES);
X	} else if (token[0] == '.') {		/* domain: match last fields */
X	    if ((str_len = strlen(string)) >= (tok_len = strlen(token))
X		&& strcasecmp(token, string + str_len - tok_len) == 0)
X		return (YES);
X	} else {				/* other: match full string */
X	    if (strcasecmp(token, string) == 0)
X		return (YES);
X	}
X    }
X    return (NO);
X}
X
X#endif
END_OF_hosts_access.c
if test 4055 -ne `wc -c <hosts_access.c`; then
    echo shar: \"hosts_access.c\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f Makefile -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"Makefile\"
else
echo shar: Extracting \"Makefile\" \(1077 characters\)
sed "s/^X//" >Makefile <<'END_OF_Makefile'
X# @(#) Makefile 1.1 91/01/06 22:30:21
X
X## Begin configuration options
X
X# If you want to enable host access control, define the HOST_ACCESS macro
X# in the  CFLAGS line. For example,
X#
X# CFLAGS = -O -DHOSTS_ACCESS
X#
X# Note: host access control requires the strtok() and strchr() routines.
X
XCFLAGS	= -O -DHOSTS_ACCESS
X
X# Include the file strcasecmp.o if it is not provided by your C library.
X
XAUX_OBJ	= # strcasecmp.o
X
X# Some System-V versions require that you explicitly specify the networking
X# libraries.
X
XLIBS	=
X
X## End configuration options
X
XTCPD_OBJ= tcpd.o fromhost.o hosts_access.o
XMISC_OBJ= miscd.o fromhost.o hosts_access.o
X
Xall:	tcpd miscd
X
Xtcpd:	$(TCPD_OBJ) $(AUX_OBJ)
X	$(CC) $(CFLAGS) -o $@ $(TCPD_OBJ) $(AUX_OBJ) $(LIBS)
X
Xmiscd:	$(MISC_OBJ) $(AUX_OBJ)
X	$(CC) $(CFLAGS) -o $@ $(MISC_OBJ) $(AUX_OBJ) $(LIBS)
X
Xshar:	
X	@shar README miscd.c tcpd.c fromhost.c hosts_access.c Makefile \
X	hosts_access.5 strcasecmp.c BLURB
X
Xclean:
X	rm -f tcpd miscd *.o core
X
Xlint:
X	lint -DHOSTS_ACCESS tcpd.c fromhost.c hosts_access.c
X	lint -DHOSTS_ACCESS miscd.c fromhost.c hosts_access.c
END_OF_Makefile
if test 1077 -ne `wc -c <Makefile`; then
    echo shar: \"Makefile\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f hosts_access.5 -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"hosts_access.5\"
else
echo shar: Extracting \"hosts_access.5\" \(3088 characters\)
sed "s/^X//" >hosts_access.5 <<'END_OF_hosts_access.5'
X.TH HOSTS_ACCESS 5
X.ad
X.fi
X.SH NAME
Xhosts_access \- host access control files
X.SH DESCRIPTION
X.ad
X.fi
XThis manual page describes a simple, but effective, access control
Xfacility that is based on host (or domain) names and service names,
Xwith wild-card support.
X.PP
XIn the following text, \fIservice\fP is the name of a requested service
X(the argv[0] value of a daemon process), and \fIhost\fP is the name of
Xthe host requesting that service.
X.IP o
XAccess will be granted if the (service,host) pair is matched by an
Xentry in the \fI/etc/hosts.allow\fP file.
X.IP o
XIf the previous test fails (perhaps because the \fIhosts.allow\fP file
Xdoes not exist), access will be denied if the (service,host) pair is
Xmatched by an entry in the \fI/etc/hosts.deny\fP file.
X.IP o
XIf the previous test fails (perhaps because the \fIhosts.deny\fP file
Xdoes not exist), access will be granted.
X.PP
XA non-existing access control file is treated as if it were an empty
Xfile. Thus, access control can be turned off by providing no access
Xcontrol files.
X.PP
XThe format of the access control files is as follows.
X.IP o
XLines that begin with a `#' character are ignored.
X.IP o
XOther lines should have the format:
X.sp
X.ti +5
Xservices : hosts_or_domains
X.LP
X\fIservices\fP is a list of one or more service names (argv[0] values),
Xand \fIhosts_or_domains\fP is a list of one or more host or domain
Xnames.  List elements are separated by blanks or commas.  The software
Xdoes not distinguish between lower and upper case.
X.PP
XEntries that specify a domain name should begin with a `.' character
X(see example below). A host name can be a fully-qualified host name,
Xan undomained host name (no `.' characters) or an internet address.
X.PP
XSpecial meaning is given to the magic token \fIALL\fP.  If it appears
Xin the \fIservices\fP part of a line, this token matches all services.
XIf the magic token appears in the \fIhosts_or_domains\fP part of a
Xline, it matches all hosts or domains.
X.SH EXAMPLES
XThe following example restricts all services to \fIhosta,
Xhostb\fP and hosts below the \fI.some.domain\fP:
X.PP
X/etc/hosts.allow:
X.in +5
XALL: hosta, hostb, .some.domain
X.PP
X/etc/hosts.deny:
X.in +5
XALL: ALL
X.PP
XIn order to deny some hosts all services, except ftp:
X.PP
X/etc/hosts.allow:
X.in +5
Xin.ftpd: ALL
X.PP
X/etc/hosts.deny
X.in +5
XALL: some.host.name, .some.domain
X.SH DIAGNOSTICS
X.ad
X.fi
XA syslog record is produced when a connection is refused; when a syntax
Xerror is found in a host access control file; when the length of a line
Xin a host access control file exceeds the stdio(3) buffer size.
X.SH FILES
X.na
X.nf
X/etc/hosts.allow, (service,host) pairs that are granted access.
X/etc/hosts.deny, (service,host) pairs that are denied access.
X.SH BUGS
X.ad
X.fi
XAuthorized hosts may be denied access if the mapping of host address
Xto host name fails (for example, due to a problem in the name server).
X.SH AUTHOR
X.na
X.nf
XWietse Venema
XEindhoven University of Technology
XDepartment of Mathematics and Computer Science
XDen Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands
X\" @(#) hosts_access.5 1.1 91/01/06 22:30:26
END_OF_hosts_access.5
if test 3088 -ne `wc -c <hosts_access.5`; then
    echo shar: \"hosts_access.5\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f strcasecmp.c -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"strcasecmp.c\"
else
echo shar: Extracting \"strcasecmp.c\" \(3767 characters\)
sed "s/^X//" >strcasecmp.c <<'END_OF_strcasecmp.c'
X/*
X * Copyright (c) 1987 Regents of the University of California.
X * All rights reserved.
X *
X * Redistribution and use in source and binary forms are permitted
X * provided that the above copyright notice and this paragraph are
X * duplicated in all such forms and that any documentation,
X * advertising materials, and other materials related to such
X * distribution and use acknowledge that the software was developed
X * by the University of California, Berkeley.  The name of the
X * University may not be used to endorse or promote products derived
X * from this software without specific prior written permission.
X * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
X * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
X * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
X */
X
X#if defined(LIBC_SCCS) && !defined(lint)
Xstatic char sccsid[] = "@(#)strcasecmp.c	5.6 (Berkeley) 6/27/88";
X#endif /* LIBC_SCCS and not lint */
X
X#include <sys/types.h>
X
X/*
X * This array is designed for mapping upper and lower case letter
X * together for a case independent comparison.  The mappings are
X * based upon ascii character sequences.
X */
Xstatic u_char charmap[] = {
X	'\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
X	'\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
X	'\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
X	'\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
X	'\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
X	'\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
X	'\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
X	'\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
X	'\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
X	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
X	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
X	'\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
X	'\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
X	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
X	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
X	'\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
X	'\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
X	'\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
X	'\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
X	'\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
X	'\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
X	'\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
X	'\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
X	'\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
X	'\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
X	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
X	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
X	'\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337',
X	'\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
X	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
X	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
X	'\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
X};
X
Xstrcasecmp(s1, s2)
X	char *s1, *s2;
X{
X	register u_char	*cm = charmap,
X			*us1 = (u_char *)s1,
X			*us2 = (u_char *)s2;
X
X	while (cm[*us1] == cm[*us2++])
X		if (*us1++ == '\0')
X			return(0);
X	return(cm[*us1] - cm[*--us2]);
X}
X
Xstrncasecmp(s1, s2, n)
X	char *s1, *s2;
X	register int n;
X{
X	register u_char	*cm = charmap,
X			*us1 = (u_char *)s1,
X			*us2 = (u_char *)s2;
X
X	while (--n >= 0 && cm[*us1] == cm[*us2++])
X		if (*us1++ == '\0')
X			return(0);
X	return(n < 0 ? 0 : cm[*us1] - cm[*--us2]);
X}
END_OF_strcasecmp.c
if test 3767 -ne `wc -c <strcasecmp.c`; then
    echo shar: \"strcasecmp.c\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f BLURB -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"BLURB\"
else
echo shar: Extracting \"BLURB\" \(1068 characters\)
sed "s/^X//" >BLURB <<'END_OF_BLURB'
X@(#) BLURB 1.1 91/01/06 22:30:19
X
XThis package provides a couple of tiny programs that log all requests
Xto connection-oriented tcp/ip services (examples: FINGER, SYSTAT, FTP,
XTELNET, RLOGIN, RSH, EXEC), with optional access control on the basis
Xof host (or domain) names and service names.
X
XThe programs are nothing but small front ends. By default, they just
Xlog the remote host name and then invoke the real daemon. The programs
Xshould not require any changes to existing software or configuration
Xfiles.
X
XConnections are reported through the syslog(3) facility. Each record
Xcontains a time stamp, the remote host name and the name of the service
Xrequested. Such information can be useful to detect break-in attempts
Xor other undesirable activities, especially when logfile information
Xfrom several hosts is merged.
X
XThe optional access-control facility may be useful when, for whatever
Xreason, it is not possible to handle access control at a more suitable
Xlevel (such as an internet router).
X
X	Wietse Venema,
X	Eindhoven University of Technology,
X	The Netherlands.
END_OF_BLURB
if test 1068 -ne `wc -c <BLURB`; then
    echo shar: \"BLURB\" unpacked with wrong size!
fi
# end of overwriting check
fi
echo shar: End of shell archive.
exit 0

exit 0 # Just in case...
-- 
Kent Landfield                   INTERNET: kent at sparky.IMD.Sterling.COM
Sterling Software, IMD           UUCP:     uunet!sparky!kent
Phone:    (402) 291-8300         FAX:      (402) 291-4362
Please send comp.sources.misc-related mail to kent at uunet.uu.net.



More information about the Comp.sources.misc mailing list