hosts.deny and hosts.allow defaults?

gui10 · 12-19-2001, 10:10 AM

from a fresh install, these 2 files have no lines in them (except for the commented out version preamble etc etc)

was just wondering... if both files are left blank, what is the default policy?

also... if in hosts.deny, policy is ALL : ALL
and in hosts.allow is all blank...

what kind of connections are allowed through these TCP wrappers?

unSpawn · 12-19-2001, 11:31 AM

IIRC, if *both* files are blank, this counts as not having *any* of both; so default policy then will be: allow.
If /etc/hosts.deny contains the line
"ALL: ALL" this can be read as: (deny access to) ALL(services): (from) ALL(addresses).

gui10 · 12-19-2001, 01:31 PM

just to clarify:

so that means no remote login of any kind is allowed right? (if hosts.deny is ALL : ALL and hosts.allow is left blank)

thanks!

unSpawn · 12-19-2001, 02:12 PM

Access, when defined as in "making a connecting to a service", in this case (sic) means no access is allowed.

To clarify: this means you *still* need to place login restrictions on any service necessary, because TCP Wrappers don't deal with login ACL's of any kind like /etc/login.(defs|access), /etc/(secure|user)tty, or PAM.

Ok, ok, even tho it seems silly because no one is really allowed acces, that doesn't mean you don't want to have it act as a single point of failure or single line of defense, right?

gui10 · 12-19-2001, 10:16 PM

ah! i see what you mean...
yea i've disallowed logins in the /etc/securetty file though i've not really seen a /etc/usertty file on my system? where ithis file?

also, i've yet to read up on PAM and ACL... that's up next...

unSpawn · 12-20-2001, 01:57 AM

LOL! Like I sed, it *is* /etc/usertty. If it's not there (on a PAM capable system) its handled by PAM files in /etc/security, like access.conf, group.conf.