Using Fedora,RHEL & CentOS Linux flavors.

I know how to use tcp wrappers to implement security for Linux.But,I want to know that which file will apply it's rules finally. Below is the example.

hosts.deny having sshd=ALL
hosts.allow having sshd=ALL

Now,which rule will work?

Moreover,I would like to know some good examples of tcp wrappers. So, kindly provide me some good documentation link.

Waiting,

the allow file overrides the deny file.

Dear Friend,

It means,whatever I wrote last,it will overlap the existing rule.

Is it?

Sorry, i don't understand what you mean. if you have two equal statements in either file, the hosts.allow will take priority over the hosts.deny entry. so in this instance, ssh would be allowed.

Hey, this is from my notes, I took it from somewhere.

The following are important points to consider when using TCP Wrappers to protect network services:

a)
Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny. Therefore, if access to a service is allowed in hosts.allow, a rule denying access to that same service in hosts.deny is ignored.
b)
The rules in each file are read from the top down and the first matching rule for a given service is the only one applied. The order of the rules is extremely important.
c)
If no rules for the service are found in either file, or if neither file exists, access to the service is granted.
d)
TCP-wrapped services do not cache the rules from the hosts access files, so any changes to hosts.allow or hosts.deny take effect immediately, without restarting network services.


Hope this helps !!

Regards,
VIKAS