LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page IPtables/TCPwrapper/SSHD/access.conf? Is there a "best practice" for security?
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-30-2019, 02:47 PM   #1
itsallgood
LQ Newbie
 
Registered: Jan 2015
Posts: 26

Rep: Reputation: Disabled
Question IPtables/TCPwrapper/SSHD/access.conf? Is there a "best practice" for security?

Hi, new to Linux here and I am a bit confused as to all of these options for allowing/restricting access to a server.

Is there a best practice for restricting access to a server? Which one of the options would I use?

I inherited a couple of Linux servers and it is sometimes frustrating to adjust iptables to let traffic in on a certain IP only to find that iptables wasn't the only issue and access was also restricted in access.conf. I spent 20 minutes banging my head against the wall on my first configuration only to find out that there are TCPwrapper, SSHD, and access.conf to consider as well.

My hope is to be a half decent Linux admin sometime, so knowing what to use or when to use it in a real life scenario would be very helpful. How do you decide what option is best to use? IS there a best practice? thanks!
 
Old 09-30-2019, 03:25 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,340

Rep: Reputation: Disabled
You just stumbled across one such best practice: layered defense/security. The real issue might be that the systems you've inherited lacks proper documentation (which could represent a security issue on its own).

When securing a resource, you first find a suitable method or mechanism with which to implement the required level of security.

Once you've verified that the mechanism does indeed do what it's supposed to to, you ask yourself this question: "What happens if this mechanism fails, or has an unknown vulnerability that gets exploited, or gets disabled or misconfigured by mistake?"

Then you implement at least one other (preferably fundamentally different) mechanism to deal with the scenario above.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
TCPWrapper block IP noir911 Linux - Security 1 02-04-2009 05:54 PM
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied sumanc Linux - Server 5 03-28-2008 04:59 AM
iptables quivalent of tcpwrapper prayag_pjs Linux - Newbie 5 02-15-2008 02:02 AM
VSFTP, tcpwrapper teruzzi Linux - Security 0 01-06-2008 01:26 PM
[DEBIAN SARGE] problems setting up sshd to use tcpwrapper nonutopia Linux - Security 1 08-23-2005 08:04 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:45 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration