LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 05-14-2006, 04:00 PM   #1
doronunu
Member
 
Registered: Dec 2005
Location: Israel
Distribution: used : Ubuntu, Debian, Arch. current : Centos.
Posts: 69

Rep: Reputation: 15
disable host.allow and deny


can i disable the use of hosts.allow and hosts.deny somehow?
 
Old 05-14-2006, 05:40 PM   #2
ethics
Senior Member
 
Registered: Apr 2005
Location: London
Distribution: Arch - Latest
Posts: 1,522

Rep: Reputation: 45
why would you want to do that? to either allow all or deny all? you can set ALL options in either
 
Old 05-16-2006, 05:10 AM   #3
doronunu
Member
 
Registered: Dec 2005
Location: Israel
Distribution: used : Ubuntu, Debian, Arch. current : Centos.
Posts: 69

Original Poster
Rep: Reputation: 15
how can i premit all?
 
Old 05-16-2006, 05:22 AM   #4
ethics
Senior Member
 
Registered: Apr 2005
Location: London
Distribution: Arch - Latest
Posts: 1,522

Rep: Reputation: 45
Not on my Arch box right now but i believe it's ALL:ALL.

GOOGLE IT!!!!!!!!!!!! Not sure if this can control local access to your machine and i'd hate for you to be locked out.
 
Old 05-16-2006, 08:52 AM   #5
Hobbletoe
Member
 
Registered: Sep 2004
Location: Dayton, Oh
Distribution: Linux Mint 10, Linux Mint 11
Posts: 148

Rep: Reputation: 18
As folk have said, I don't know why you would want to, but all you'd have to do is comment out everything in /etc/hosts.deny (don't delete anything, you might have a change of heart), then comment out everything in /etc/hosts.allow, and then add an entry of ALL:ALL

This is really not recommended though because of the obvious security reasons. Before you do this, you might want to make sure you are not running any un-needed services, have secured the services that you do have running, and make sure that any account that can log in has a good password.

As a side note, if you are having a problem with someone trying to get to your box, and don't know the IP (someone sitting behind a NATed firewall could have this problem), you can set up the hosts.deny file to e-mail you when you have a denial. Then you can add the IP that it sends you to your hosts.allow. Enter the following all on one line (I had to chop it up as it doesn't wrap and makes viewing the page a problem).

Code:
ALL:ALL (/usr/sbin/safe_finger -l @%h | echo Service denied: %d 
Host Denied: %h Address Denied: %a > /tmp/out | 
/usr/bin/mailx -s "TCP Wrapper Denial (SERVER NAME)" YOUR_EMAIL_HERE < /tmp/out) &
You might have to tinker with the mailx part (it might be /bin/mail ... The above is from a Solaris box).

Another option might be port knocking, though I've never set that up before. Basically, if you want in, you "knock" on a given port. The server heres that knock, then opens up a different port for that IP.

Regardless of what you do, please look at some other possible solutions before just opening your machine to the world. And if you can't find anything, tell us what you are trying to do, and chances are we can find a better option for you to help keep your box secure.

Last edited by Hobbletoe; 05-16-2006 at 08:54 AM. Reason: /etc/deny line wasn't wrapping, making the page a pain to read.
 
Old 05-17-2006, 03:27 AM   #6
doronunu
Member
 
Registered: Dec 2005
Location: Israel
Distribution: used : Ubuntu, Debian, Arch. current : Centos.
Posts: 69

Original Poster
Rep: Reputation: 15
guys tnx for your consern but i just preffer using iptables.
by the way can i just delete the files?
 
Old 05-17-2006, 05:09 AM   #7
ethics
Senior Member
 
Registered: Apr 2005
Location: London
Distribution: Arch - Latest
Posts: 1,522

Rep: Reputation: 45
No, i don't think that is a good idea since it's an integral part of a system, deleting system configs etc. is not a good idea at all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Deny a host access to all services objorkum Linux - Networking 5 08-17-2007 03:54 PM
How to setup a host.deny and host.allow for SSH? explorer1979 Linux - Security 2 01-31-2005 06:28 PM
Quick quide to host.allow / deny? dtournas Linux - General 2 06-19-2004 07:17 AM
How do I deny host? Inexactitude Linux - Security 3 02-22-2004 03:00 PM
host.deny is very wierd ForumKid Linux - Security 1 12-26-2001 07:09 PM


All times are GMT -5. The time now is 04:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration