RH 253: HOW TO TCPWRAPPERS

Services that are linked against the libwrap library can use hosts.deny to control access. To check whether a service is linked against libwrap:


    ldd  /usr/sbin/vsftpd    |grep libwrap
    ldd  /usr/sbin/sendmail  |grep libwrap
    ldd  /usr/sbin/sshd      |grep libwrap


To restrict a host/network from accessing a service:

1.  Using Hostname/Domainname

 
    vim /etc/hosts.deny
-> vsftpd : *.example.com       -> All hosts in example.com are denied access to ftp
-> vsftpd : server.example.com  -> Host server in example.com is denied access

2.  Using IP address/Network

 
    vim /etc/hosts.deny
-> vsftpd : 192.168.1.0/255.255.255.0    -> All hosts in the 1.0 N/W are denied.
-> vsftpd : 192.168.1.4                  -> Host 1.4 is denied.


3.  To deny all except a few

 
    vim /etc/hosts.deny
-> sshd : ALL EXCEPT *.matrix.com     -> Any domain other than matrix.com is denied access to ssh.

4.  To allow all except a few

 
    vim /etc/hosts.allow
-> ALL : ALL EXCEPT *.matrix.com      -> Any domain other than matrix.com is allowed access.


Both allow and deny entries can be given in either the hosts.allow or the hosts.deny file.
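
Added example (not from the original post): a small Python model of how libwrap evaluates these two files, following hosts_access(5) and hosts_options(5). hosts.allow is searched first, then hosts.deny, the first matching rule wins, and a client that matches nothing is granted access. The function names and sample rules are constructed for illustration, and only IPv4 and the pattern types used in this post are handled.

```python
import fnmatch
import ipaddress

def client_matches(pattern, host, ip):
    """Match one client pattern: ALL, net/mask, .domain suffix, wildcard or exact."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.startswith("."):  # .example.com matches every host in the domain
        return host.lower().endswith(pattern.lower())
    return any(fnmatch.fnmatchcase(v.lower(), pattern.lower()) for v in (host, ip))

def list_matches(tokens, test):
    """'a b EXCEPT c' matches when a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_matches(tokens[:i], test) and not list_matches(tokens[i + 1:], test)
    return any(test(t) for t in tokens)

def rule_verdict(line, daemon, host, ip, default):
    """Verdict this rule gives the client, or None when the rule does not match."""
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 2:  # no "daemon : client" separator, so not a rule
        return None
    daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
    if not (list_matches(daemons, lambda d: d in ("ALL", daemon))
            and list_matches(clients, lambda c: client_matches(c, host, ip))):
        return None
    # A trailing "allow" or "deny" option overrides the default of the file
    return fields[-1] if len(fields) > 2 and fields[-1] in ("allow", "deny") else default

def decide(daemon, host, ip, allow_lines, deny_lines):
    """hosts.allow is searched first, then hosts.deny; the first match wins."""
    for default, lines in (("allow", allow_lines), ("deny", deny_lines)):
        for line in lines:
            if line.strip() and not line.lstrip().startswith("#"):
                verdict = rule_verdict(line, daemon, host, ip, default)
                if verdict:
                    return verdict
    return "allow"  # no rule matched in either file: access is granted

# Constructed sample rules modelled on the entries in this post
DENY = ["vsftpd : *.example.com", "vsftpd : 192.168.1.0/255.255.255.0",
        "sshd : ALL EXCEPT *.matrix.com"]

if __name__ == "__main__":
    for d, h, ip in [("vsftpd", "pc.other.org", "192.168.1.4"),
                     ("sshd", "gw.matrix.com", "10.0.0.9")]:
        print(d, h, ip, "->", decide(d, h, ip, [], DENY))
```

Because an unmatched client is granted access, an `ALL : ALL EXCEPT ...` line in hosts.allow only keeps the excepted hosts out when hosts.deny also carries a catch-all such as `ALL : ALL`.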



