.TH IDENT-SPOOFER 8 "August 2007" "OpenFWTK" .SH NAME ident-spoofer \- ident protocol daemon .SH SYNOPSIS .B ident-spoofer .RB "[-daemon ] " .RB "[-fastdaemon ] [-as ]" .sp .SH DESCRIPTION .IX "ident-spoofer" "" "\(em ident protocol daemon" .I ident-spoofer provides ident (rfc1430) protocol emulation for firewall host. .I ident-spoofer does not provide actual information about firewall users; it makes up reasonable looking response. .PP The ident spoofer .RB "(" ident-spoofer ")" generally runs as a daemon (invoked from system startup script, p.e. .IR "/etc/rc.local" ) and listens for requests on the specified port (tcp/113, as indicated in .IR "/etc/services" ,is reasonable default). Whenever the system receives an ident request on this port, .IR ident-spoofer checks its configuration information (in the .IR "netperm-table" ) and determines whether the initiating host has permission to request the status data. If the request is allowed, a reponse is being provided according to the configuation; if the host does not have permission, .IR ident-spoofer logs the connection attempt and displays an error message. .PP The ident spoofer may also be invoked from tcp/ip "superserver" (inetd or xinetd). .IR "-daemon" parameter should be omitted in this case. .PP .SH OPTIONS .SS Command Line Options The ident spoofer recognizes the following command line options (whether started from the command line or from within .IR /etc/rc.local ): .TP .BI "-daemon " port Indicates that .IR ident-spoofer runs as a daemon, and the port (name or number) on which it listens. When .IR "-daemon" option is used, configuration is being read from .IR netperm-table for every new connection accepted by ident spoofer. .IP .I port Specifies either a numeric id or symbolic name from the .I /etc/services file. .TP .BI "-fastdaemon " port Indicates that .IR ident-spoofer runs as a daemon, and the port (name or number) on which the ident-spoofer listens. When .IR "-fastdaemon" option is used, configuration is being read from .IR netperm-table once the daemon starts or if .IR SIGHUP is received. .TP .BI "-as " tag Changes default application tag for .IR netperm-table from "ident-spoofer" to any given string. .SS Configuration Options The ident spoofer reads configuration rules from the .IR "/usr/local/etc/netperm-table" . It reads all rules using the .B ident-spoofer and .B * (wildcard) keywords. The ident spoofer reads the .I netperm-table from top to bottom. If there are multiple rules in the table that could apply for a particular attribute, the ident spoofer uses the first one that it finds. See .BR "netperm-table" (5) for a more complete explanation of .I netperm-table syntax and precedence. .PP The ident spoofer recognizes the following attributes: .TP .BI "ostype " "os-type" Specifies OSTYPE (operating system type) reposnse. .RS .TP .I os-type A string identifying operating system. Default is UNIX . .RE .TP .BI "service " "port username" Defines fake user for given service. .RS .TP .I port Specifies either a numeric id or symbolic name from the .I /etc/services file. .TP .I username Specifies user name (string) or .B `random' (means new pseudo-random name should be generated for every request) .RE .TP .B hosts host-pattern [host-pattern2...] rules specify host and access permissions. Typically, a hosts rule will be in the form of: .na .sp 1 ident-spoofer: deny-hosts unknown .sp ident-spoofer: hosts 10.0.0.3 .ad .sp 1 There may be several host patterns following the "hosts" keyword. .TP .BI "groupid " group Specifies the name of the group the ident spoofer uses when running. .RS .TP .I group Specifies either a name or numeric id from the .I /etc/group file. .RE .TP .BI "userid " user Specifies the user ID the ident spoofer uses when running. .RS .TP .I user Specifies either a name or numeric id from the .I /etc/passwd file. .RE .SH FILES .IP /etc/rc.local Command script that controls automatic reboot, and includes startup information for the ident spoofer. .IP /usr/local/etc/netperm-table The network permissions file contains configuration information for the Firewall Toolkit, including ident spoofer. .SH BUGS Report bugs to arkenoi@gmail.com or fwtk-users@buoy.com mailing list. Include a complete example, explaining what you expected to happen and what actually happened. Be sure to indicate the type of system (operating system, hardware, etc.) you are using, as well as the version of ident spoofer. .SH AUTHOR ArkanoiD. .SH SEE ALSO .BR netperm-table "(5), " rc "(8), "authsrv "(8), "netacl "(8)"