gdt: Kangaroo road sign (Default)
[personal profile] gdt

Fedora ships with TCP Wrappers and every application that supports TCP Wrappers is shipped with libwrap enabled.

Less thrillingly, the default configuration disables TCP Wrappers. Let's fix that. Edit /etc/hosts.deny to deny access by default:

ALL: ALL

Obviously the local machine should be able to access itself using IPv4 and IPv6, so edit /etc/hosts.allow to read:

ALL: 127.
ALL: [::1]/128

Now for every application that needs access, add a line to /etc/hosts.allow. For example, Fedora runs sshd:

sshd: ALL

As another example, an e-mail server might have:

sendmail: ALL
imapd: ALL

The scanner used on the local NATed network might be:

saned: 192.168.1.0/255.255.255.0

One trick concerns the XINetD meta-daemon: the name used in hosts.allow is the basename of the program on the "server =" line, not the name on the "service" line.

For example, a TFTP daemon with an /etc/xinetd.d/tftp of:

service tftp
{
  socket_type = dgram
  protocol    = udp
  wait        = yes
  user        = root
  server      = /usr/sbin/in.tftpd
  server_args = -U 117 -c -s /tftpboot -vvv
  disable     = no
  per_source  = 11
  cps         = 100 2
  flags       = IPv4
}

would have a hosts.allow of:

in.tftpd: 192.168.1.0/255.255.255.0
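
A daemon name in hosts.allow that does not equal the "server =" basename never matches, so the ALL: ALL rule in hosts.deny refuses that service's clients. The shell sketch below is an added example, not part of the original post: it derives the daemon name from each xinetd file and lists any that no hosts.allow rule names. The function names and sample files are made up for the illustration.

```shell
# Added example. Simplified parsing: no backslash continuations,
# "daemon@host" patterns or EXCEPT operators.

# Print "service daemon" for each enabled xinetd service that runs a program;
# daemon is the basename of the "server =" path, the name to use in hosts.allow.
xinetd_daemons() {
  awk '
    $1 == "service"              { svc = $2; srv = ""; off = 0 }
    $1 == "server"  && $2 == "=" { n = split($3, p, "/"); srv = p[n] }
    $1 == "disable" && $2 == "=" { off = ($3 == "yes") }
    $1 == "}" { if (srv != "" && !off) print svc, srv; srv = "" }
  ' "$@"
}

# Print every name in the daemon list (left of the first colon) of each rule.
allowed_daemons() {
  awk -F: '/^#/ || NF < 2 { next }
    { n = split($1, d, /[ \t,]+/)
      for (i = 1; i <= n; i++) if (d[i] != "") print d[i] }' "$1"
}

# missing_rules HOSTS_ALLOW XINETD_FILE...: list daemons that no rule names.
# The ALL wildcard is not counted: in this setup it only admits loopback.
missing_rules() {
  allow=$1; shift
  names=$(allowed_daemons "$allow")
  xinetd_daemons "$@" | while read -r svc daemon; do
    printf '%s\n' "$names" | grep -qxF -e "$daemon" || printf '%s\n' "$daemon"
  done
}

# Constructed sample files; the hosts.allow daemon name is misspelled on purpose.
demo() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/tftp" <<'EOF'
service tftp
{
  server  = /usr/sbin/in.tftpd
  disable = no
}
EOF
  cat > "$dir/hosts.allow" <<'EOF'
ALL: 127.
sshd: ALL
in.tfptd: 192.168.1.0/255.255.255.0
EOF
  missing_rules "$dir/hosts.allow" "$dir/tftp"
  rm -rf "$dir"
}
demo   # prints: in.tftpd
```

On a real system the call would be missing_rules /etc/hosts.allow /etc/xinetd.d/*, and an empty result means every enabled xinetd program has a rule that names it.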

Glen Turner
