Found my problem, its a FreeBSD feature. They moved tcpd.h to
/usr/include, so configure finds the library fine, but can't find tcpd.h and
thus doesn't generate the include. Below is a dif for configure that adds
/usr/include to the tcpd.h search path and defines HOSTS_ALLOW along with
TCPWRAPPER to enable wrapping of the monitor udp port (which is what I was
after in the first place) from hosts.allow to block external access to the
argus data. While my machines are isolated in such a way I don't need it, I am
monitor port. I am doing an install document for other folks and they probably
want to restrict access to the monitor port using the wrappers (as in these
times should we all be!).
*** configure.orig Thu Apr 15 09:15:00 1999
--- configure Tue Aug 15 21:47:11 2000
***************
*** 1,4 ****
! #! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated automatically using autoconf version 2.12
--- 1,4 ----
! #! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated automatically using autoconf version 2.12
***************
*** 1841,1847 ****
libwraplibraryfound=yes
else
libwrapdirs=$pdir/`ls .. | egrep '^wrapper|^tcp_wrappers' | sort -ru `
! otherdirs="/usr/local/lib /usr/lib $pdir/libwrap $pdir"
dirs="$libwrapdirs $otherdirs"
echo "Searching directories "$dirs
--- 1841,1847 ----
libwraplibraryfound=yes
else
libwrapdirs=$pdir/`ls .. | egrep '^wrapper|^tcp_wrappers' | sort -ru `
! otherdirs="/usr/local/lib /usr/lib $pdir/libwrap $pdir /usr/include"
dirs="$libwrapdirs $otherdirs"
echo "Searching directories "$dirs
***************
*** 1871,1876 ****
--- 1871,1877 ----
echo ".. found $libwrapdir"
cat >> confdefs.h <<\EOF
#define TCPWRAPPER 1
+ #define HOSTS_ACCESS 1
EOF
else
libwrapdir=""
--- cut here ----
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
>
> Hey Peter,
> The ./configure program, when it finds the libwrap.a
> library and source, will define "TCPWRAPPER=1" and put
> it on the defines section of the ./server/Makefile.
> This is how the code makes its way into argus.
>
> To have ./configure find libwrap.a easily, put the
> distribution directory for tcpwrappers at the same level
> as the argus distribution, remove ./lib/libwrap.a and
> the ./wrapper directory, if it exists in your current
> ./argus-1.8.1 distribution directory and then rerun
> ./configure. Or if you want to make it a little less
> obvious, copy libwrap.a into the ./lib directory and make
> a link, ./wrapper, that points to the tcpwrapper source
> directory. Then run ./configure.
>
> Or just place a '-DTCPWRAPPER=1' at the end of the DEF
> definition on line 47 of the ./server/Makefile. That
> should at least include the code. It should complain
> about the libraries and include files that might be
> missing, if the stuff above hasn't been done, but it
> at least will get you started.
>
> Hope this helps,
>
> Carter
>
>
> -----Original Message-----
> From: owner-argus at lists.andrew.cmu.edu
> [mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Peter Van Epp
> Sent: Monday, August 14, 2000 6:16 PM
> To: argus
> Subject: tcpwrappers?
>
>
> What is the correct way to enable the tcp wrappers? I added a
> -DHOSTS_ACCESS to the server Makefile.in @defs@ line and reconfigured make
> clean
> and make. I expect there is a proper way to activate this that I'm missing
> (and it doesn't immediately seem to be working either, although the code
> looks
> to be there). tcpdmatch looks to correctly deny, but I can still connect to
> the
> server port.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>