Getting Started Guide
• Use the Coas administration tools by selecting Coas|System|Accounts on the KDE main menu
• Use the character-mode lisa tool by entering the command lisa --useradm
In each case, follow the on-screen prompts to enter information about the user
account you’re creating.
The utilities passwd and usermod can be used to manage user accounts after they
are created. You can alter passwords, expiration dates of passwords, default
shells, and more. See the manual pages of each command for more information.
When you create a new user account, the information from the /etc/skel directory
is copied into the new user's home directory. This information includes basic
startup scripts and configuration information.
Using TCP Wrappers
As a security measure, most network services are managed by a protective
program called a TCP wrapper. The protected services are those listed in the
/etc/inetd.conf file which use the /usr/sbin/tcpd program. These services include, for
example, FTP and Telnet access.
A sample line from the /etc/inetd.conf file is shown here:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
This line shows that the ftp service is maintained by the inetd program.
Whenever a request for FTP service arrives on the port named for FTP in the
/etc/services file, the tcpd program is started, with in.ftpd, the FTP server
program, as a parameter.
By encapsulating (wrapping) network services using tcpd, you can control access
to the service by configuring and maintaining the hosts.allow and hosts.deny files
in the /etc directory.
These rules can include security based on:
• Which service is requested
• The IP address of the requesting client
• The domain name of the requesting client
A sample /etc/hosts.allow file, when edited to allow access to services, might
look like this:
ALL: mycompany.com .mycompany.com
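Added example (not part of the original guide): a simplified Python model of how tcpd evaluates the two files, following the hosts_access rules: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. The in.ftpd rule, the hosts.deny contents and all client names and addresses are constructed, and only the basic pattern forms (ALL, leading-dot domain, trailing-dot address prefix, net/mask, exact name) are modelled.

```python
import ipaddress

def parse_rules(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # domain suffix, e.g. .mycompany.com
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):          # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    if "/" in pattern and not pattern.startswith("/"):   # net/mask pair
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern.lower() == host.lower() or pattern == addr

def list_matches(rules, daemon, host, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, host, addr) for p in clients)
               for daemons, clients in rules)

def access_allowed(allow_text, deny_text, daemon, host, addr):
    if list_matches(parse_rules(allow_text), daemon, host, addr):
        return True                    # a match in hosts.allow grants access
    if list_matches(parse_rules(deny_text), daemon, host, addr):
        return False                   # otherwise a hosts.deny match refuses
    return True                        # no match in either file: granted

# First line is the guide's sample; everything else is constructed.
HOSTS_ALLOW = "ALL: mycompany.com .mycompany.com\nin.ftpd: 192.168.1.\n"
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    clients = [("in.telnetd", "pc7.mycompany.com", "10.1.2.3"),
               ("in.ftpd", "host.example.net", "192.168.1.20"),
               ("in.telnetd", "host.example.net", "192.168.1.20"),
               ("in.ftpd", "notmycompany.com", "203.0.113.5")]
    for daemon, host, addr in clients:
        ok = access_allowed(HOSTS_ALLOW, HOSTS_DENY, daemon, host, addr)
        print(f"{daemon:11} {host:20} {addr:14} {'allow' if ok else 'deny'}")
```

Rules name the daemon program (in.ftpd), not the service name from /etc/services. With an empty hosts.deny every client is admitted, so a restrictive hosts.allow only takes effect alongside a deny rule such as ALL: ALL.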