-   Linux - Security (
-   -   hosts.deny and hosts.allow defaults? (

gui10 12-19-2001 10:10 AM

hosts.deny and hosts.allow defaults?
from a fresh install, these 2 files have no lines in them (except for the commented out version preamble etc etc)

was just wondering... if both files are left blank, what is the default policy?

also... if in hosts.deny, policy is ALL : ALL
and in hosts.allow is all blank...

what kind of connections are allowed through these TCP wrappers?

unSpawn 12-19-2001 11:31 AM

IIRC, if *both* files are blank, this counts as not having *any* of both; so default policy then will be: allow.
If /etc/hosts.deny contains the line
"ALL: ALL" this can be read as: (deny access to) ALL(services): (from) ALL(addresses).

gui10 12-19-2001 01:31 PM

just to clarify:

so that means no remote login of any kind is allowed right? (if hosts.deny is ALL : ALL and hosts.allow is left blank)


unSpawn 12-19-2001 02:12 PM

Access, when defined as in "making a connecting to a service", in this case (sic) means no access is allowed.

To clarify: this means you *still* need to place login restrictions on any service necessary, because TCP Wrappers don't deal with login ACL's of any kind like /etc/login.(defs|access), /etc/(secure|user)tty, or PAM.

Ok, ok, even tho it seems silly because no one is really allowed acces, that doesn't mean you don't want to have it act as a single point of failure or single line of defense, right?

gui10 12-19-2001 10:16 PM

ah! i see what you mean...
yea i've disallowed logins in the /etc/securetty file though i've not really seen a /etc/usertty file on my system? where ithis file?

also, i've yet to read up on PAM and ACL... that's up next...

unSpawn 12-20-2001 01:57 AM

LOL! Like I sed, it *is* /etc/usertty. If it's not there (on a PAM capable system) its handled by PAM files in /etc/security, like access.conf, group.conf.

All times are GMT -5. The time now is 11:53 AM.