disable host.allow and deny
can i disable the use of hosts.allow and hosts.deny somehow?
|
why would you want to do that? to either allow all or deny all? you can set ALL options in either
|
how can i premit all?
|
Not on my Arch box right now but i believe it's ALL:ALL.
GOOGLE IT!!!!!!!!!!!! Not sure if this can control local access to your machine and i'd hate for you to be locked out. |
As folk have said, I don't know why you would want to, but all you'd have to do is comment out everything in /etc/hosts.deny (don't delete anything, you might have a change of heart), then comment out everything in /etc/hosts.allow, and then add an entry of ALL:ALL
This is really not recommended though because of the obvious security reasons. Before you do this, you might want to make sure you are not running any un-needed services, have secured the services that you do have running, and make sure that any account that can log in has a good password. As a side note, if you are having a problem with someone trying to get to your box, and don't know the IP (someone sitting behind a NATed firewall could have this problem), you can set up the hosts.deny file to e-mail you when you have a denial. Then you can add the IP that it sends you to your hosts.allow. Enter the following all on one line (I had to chop it up as it doesn't wrap and makes viewing the page a problem). Code:
ALL:ALL (/usr/sbin/safe_finger -l @%h | echo Service denied: %d Another option might be port knocking, though I've never set that up before. Basically, if you want in, you "knock" on a given port. The server heres that knock, then opens up a different port for that IP. Regardless of what you do, please look at some other possible solutions before just opening your machine to the world. And if you can't find anything, tell us what you are trying to do, and chances are we can find a better option for you to help keep your box secure. |
guys tnx for your consern but i just preffer using iptables.
by the way can i just delete the files? |
No, i don't think that is a good idea since it's an integral part of a system, deleting system configs etc. is not a good idea at all.
|
All times are GMT -5. The time now is 11:25 AM. |