LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-10-2008, 09:50 AM   #1
nishith
Member
 
Registered: Aug 2008
Posts: 148

Rep: Reputation: 15
Cool tcp wrappers


Using Fedora,RHEL & CentOS Linux flavors.

I know how to use tcp wrappers to implement security for Linux.But,I want to know that which file will apply it's rules finally. Below is the example.

hosts.deny having sshd=ALL
hosts.allow having sshd=ALL

Now,which rule will work?

Moreover,I would like to know some good examples of tcp wrappers. So, kindly provide me some good documentation link.

Waiting,
 
Old 11-10-2008, 09:54 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
the allow file overrides the deny file.
 
Old 11-11-2008, 12:20 AM   #3
nishith
Member
 
Registered: Aug 2008
Posts: 148

Original Poster
Rep: Reputation: 15
Exclamation

Dear Friend,

It means,whatever I wrote last,it will overlap the existing rule.

Is it?
 
Old 11-11-2008, 03:17 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
Sorry, i don't understand what you mean. if you have two equal statements in either file, the hosts.allow will take priority over the hosts.deny entry. so in this instance, ssh would be allowed.
 
Old 11-11-2008, 05:45 AM   #5
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

Rep: Reputation: 107Reputation: 107
Smile

Hey, this is from my notes, I took it from somewhere.

The following are important points to consider when using TCP Wrappers to protect network services:

a)
Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny. Therefore, if access to a service is allowed in hosts.allow, a rule denying access to that same service in hosts.deny is ignored.
b)
The rules in each file are read from the top down and the first matching rule for a given service is the only one applied. The order of the rules is extremely important.
c)
If no rules for the service are found in either file, or if neither file exists, access to the service is granted.
d)
TCP-wrapped services do not cache the rules from the hosts access files, so any changes to hosts.allow or hosts.deny take effect immediately, without restarting network services.


Hope this helps !!

Regards,
VIKAS
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Tcp wrappers sysconfig Linux - Security 4 09-08-2006 09:20 AM
tcp wrappers with ip range dylan912 Linux - Security 1 07-13-2006 11:33 PM
TCP Wrappers ? juanb Linux - Newbie 1 01-31-2004 02:35 PM
tcp wrappers --with-tcp-wrappers ForumKid Linux - Security 2 01-04-2002 05:01 PM
TCP Wrappers ltrain Linux - Security 6 05-31-2001 11:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration