On Mon, 2005-10-03 at 13:54 +0100, Philip Radford wrote:
>
> That sounds interesting. Could you point me in the right direction for
> achieving this. We are using Red Hat 9 which is dated by today's standards
> but we are looking at RHEL in the near future.
>
First, try typing in 'man 5 hosts_access'. This might (it does under
FC4) give you the man page showing the format of the hosts.allow and
hosts.deny files.

Personally, I *always* configure the hosts.deny to say:

    ALL : ALL : DENY

that way, if anything is to succeed then I have to configure it in the
hosts.allow file. In your case, then yes this may block other
TCP-wrapper controlled services.

In the hosts.allow file for ssh, as an example, I would have something
like:

    sshd : 192.168. : severity daemon.warning : ALLOW

So this would only allow through connections from a 192.168 address. The
'daemon.warning' simply sends a message to syslog at that priority so
that I can see who is logging in. (It depends on how
your /etc/syslog.conf is configured. If you are unsure about that then
try 'man syslog.conf'.)
>
> Wouldn't /(/etc/hosts.allow) block access to all daemons coming in via
> eth0 and not just SSH. Unless that is what this wrapper is intended to
> achieve.
>
No, you specify what daemons are to be IP-address controlled. You could
put in hosts.allow something like:

    sshd : 192.168. : severity daemon.warning : ALLOW
    ALL : ALL : ALLOW

This would then control the ssh daemon but allow anything else through.

John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: John.Horne@xxxxxxxxxxxxxx Fax: +44 (0)1752 233839
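
An added example, not part of the original message and not tcp_wrappers' own code: a simplified Python model of the search order documented in hosts_access(5) (hosts.allow first, then hosts.deny, first matching line decides), useful for checking what a rule set admits before deploying it. It handles only the pattern forms quoted in this thread, and the client addresses are constructed sample values.

```python
# Added example: simplified model of the hosts_access(5) search order.
# Assumption: only exact daemon names, the ALL wildcard and dotted
# prefixes such as "192.168." are supported (no netmasks, EXCEPT, IPv6).

def parse(text):
    """Parse rule text into (daemons, clients, lowercased options) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line: needs daemon and client lists
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(),
                      [o.lower() for o in fields[2:]]))
    return rules

def matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix, e.g. "192.168."
        return value.startswith(pattern)
    return pattern == value

def decide(allow_text, deny_text, daemon, addr):
    """Search hosts.allow, then hosts.deny; the first matching line decides."""
    for text, default in ((allow_text, "allow"), (deny_text, "deny")):
        for daemons, clients, options in parse(text):
            if (any(matches(d, daemon) for d in daemons)
                    and any(matches(c, addr) for c in clients)):
                # A trailing ALLOW/DENY option overrides the file's default.
                last = options[-1] if options else ""
                return last if last in ("allow", "deny") else default
    return "allow"  # no line matched in either file

# Rule sets quoted in the thread; client addresses below are constructed.
DENY_ALL = "ALL : ALL : DENY"
SSH_ONLY = "sshd : 192.168. : severity daemon.warning : ALLOW"
SSH_PLUS_ALL = SSH_ONLY + "\nALL : ALL : ALLOW"

if __name__ == "__main__":
    for name, allow in (("ssh only", SSH_ONLY), ("ssh + ALL", SSH_PLUS_ALL)):
        for daemon, addr in (("sshd", "192.168.1.10"), ("sshd", "203.0.113.5"),
                             ("in.telnetd", "203.0.113.5")):
            print(name, daemon, addr, decide(allow, DENY_ALL, daemon, addr))
```

With the two-line hosts.allow, an sshd connection from 203.0.113.5 does not match the sshd line and is then matched by `ALL : ALL : ALLOW`, so the model reports it as allowed. Confirm the behaviour of a real installation with the `tcpdmatch` utility shipped with tcp_wrappers.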