LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-06-2014, 06:37 AM   #1
kbnuts
Member
 
Registered: Apr 2014
Posts: 45

Rep: Reputation: Disabled
Problems getting TCP Wrappers to behave nicely.


Hi guys,

Just trying to secure stuff on my debian box a bit more. Now.. on redhat i can just put in hosts.deny

sshd : ALL EXCEPT 192.168.1.10
ALL: ALL

but on Debian Wheezy it doesn't appear to be picking up the service. it blocks me sshing in unless I put ALL: ALL EXCEPT 192.168.1.10 in my hosts.deny

Is there a difference in behavior on TCP Wrappers on debian to redhat?

Thanks in advance!
 
Old 10-06-2014, 07:40 AM   #2
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Hi,

I think the service name in Debian in tcp wrappers is ssh not sshd (see /etc/services).

Evo2.
 
Old 10-06-2014, 07:41 AM   #3
kbnuts
Member
 
Registered: Apr 2014
Posts: 45

Original Poster
Rep: Reputation: Disabled
[off topic content deleted]

Last edited by Tinkster; 10-06-2014 at 08:57 PM. Reason: mod_edit
 
Old 10-06-2014, 07:48 AM   #4
kbnuts
Member
 
Registered: Apr 2014
Posts: 45

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by evo2 View Post
Hi,

I think the service name in Debian in tcp wrappers is ssh not sshd (see /etc/services).

Evo2.
Thanks, it looks like you're right. Unfortunately when I altered hosts.deny to ssh it still didn't work. I might try the full filepath to the daemon.
 
Old 10-06-2014, 07:53 AM   #5
kbnuts
Member
 
Registered: Apr 2014
Posts: 45

Original Poster
Rep: Reputation: Disabled
Hmm.. /usr/sbin/sshd doesn't work either. I must be doing something wrong here.
 
Old 10-06-2014, 07:54 AM   #6
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Hi,

have you considered using hosts.allow instead of the exception? Eg
hosts.deny
Code:
ALL: ALL
hosts.allow
Code:
ssh: 192.168.1.10
Evo2.
 
Old 10-06-2014, 08:09 AM   #7
kbnuts
Member
 
Registered: Apr 2014
Posts: 45

Original Poster
Rep: Reputation: Disabled
I should have done that at first really! I was being lazy and trying to use 1 config file.
it works using sshd: in hosts.allow.

Thanks!
 
Old 10-06-2014, 09:00 PM   #8
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Right. For future reference, please chose titles that don't invite other
members (or yourself, for that matter) to derail your threads.



Cheers,
Tink
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux TCP Wrappers & Which Services can be secured via TCP Wrappers LXer Syndicated Linux News 0 12-16-2013 10:01 AM
TCP wrappers purpman Linux - Security 3 07-01-2012 08:08 PM
Tcp wrappers 7.6 - how to nqk28703 Linux - Software 1 04-20-2011 12:03 PM
tcp wrappers nishith Linux - Security 4 11-11-2008 05:45 AM
Tcp wrappers sysconfig Linux - Security 4 09-08-2006 09:20 AM


All times are GMT -5. The time now is 08:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration