Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Gents,
I have set my security to higher, which is msec 4 I think,
If I change my hosts.deny to deny whit an exception, It will change back to deny all during the night. I guess this is the cron service thats running during the night. Can I make an exception somewhere so it run as normal but let the hosts.deny be....
.
Im using Mandrake 9.2
.
Thanks in advance...
Did you try adding your exceptions to hosts.allow amd leaving hosts.deny as ALL:ALL. Usually the best way to use tcpwrappers (hosts.allow/deny) is to have hosts.deny block everything and then explicitly allow access by adding ip addresses to hosts.allow. If you need to, you should be able to override the default msec permissions. Checkout this howto, but you shouldn't have to do it that way.
Thanks for your reply,
Okey, that mean that I should change back to deny all in my hosts.deny
and then put the ipadresses and domains that I trust in the hosts.allow instead. Couldsomeone just give me an exapmle how you write a good hosts.allow file...?
Anything that you put in hosts.allow will will override the ALL setting in hosts.deny. The syntax for hosts.allow is the same and uses the format:
SERVICENAME: arguments
where arguments can be a complete or partial domain name like node1.yahoo.com or just .yahoo.com . Or you can use complete or partial IP addresses like 123.456.789.1 or 123.456. So to use an example, say we wanted to allow anyone from yahoo.com to access our FTP server and we also want to allow the hosts 123.456.789.1, the 192.168. private IP block and all of yahoo.com to access our sshd server. The hosts.allow file would look like this:
Code:
#### BUNCH OF HEADER COMMENTS HERE
FTPD: .yahoo.com
SSHD: 123.456.789.1 192.168. .yahoo.com
The key to writitng a "good" hosts.allow file is just try to limit the number of people that have access to the fewest possible. Sometimes that can be hard if you have clients with dynamic IP addresses or if you need to run a public service. Also an important thing to keep in mind is that not all services use the hosts.allow/deny files. For example the Apache web server won't use them, so don't try to put an entry in hosts.allow for www or httpd.
No, the servicename does matter. But it can be upper or lowercase, that doesn't matter. Offhand I don't know all the services that use tcpwrappers (hosts.xxxx) and all that don't. But I know that sshd and tftpd do have tcpwrappers support and I believe that services running through inetd or xinetd use it as well.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.