
1/29/2020 Understanding TCP Wrappers (/etc/hosts.allow & /etc/hosts.deny) in Linux – The Geek Diary


Understanding TCP Wrappers (/etc/hosts.allow & /etc/hosts.deny) in Linux

By admin (https://www.thegeekdiary.com/author/sandeep_patil/)

TCP wrappers provide basic filtering of incoming network traffic. Access to "wrapped" network services running on a Linux server from other systems can be allowed or denied. A TCP-wrapped service is one that has been compiled against the libwrap.a library. Use the ldd command to determine whether a network service is linked to libwrap. The following example determines the absolute path name of the sshd binary, then lists the shared libraries linked to it, using the grep command to search for the libwrap library:

# which sshd
/sbin/sshd

# ldd /sbin/sshd | grep libwrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f1fea580000)

Configuration files

TCP wrappers rely on two configuration files as the basis for access control:

/etc/hosts.allow
/etc/hosts.deny

When a client attempts to connect to a network service on a remote system, these files are used to determine whether client access is allowed or denied. Use /etc/hosts.allow and /etc/hosts.deny to define rules that selectively allow or deny clients access to server daemons on the local system. The format for entries is the same in both files:


daemon_list : client_list [: command]

A description of each field follows:

daemon_list: A comma-separated list of daemons, or the keyword ALL for all daemons
client_list: A comma-separated list of clients, or the keyword ALL for all clients
command: An optional command that is executed when a client tries to access a server daemon

To allow client access, add the client host name or IP address in /etc/hosts.allow. To deny client access, add its
name or IP address in /etc/hosts.deny.

The /etc/hosts.allow file is read first, from top to bottom. If a daemon-client pair matches the first line in the file, access is granted. If the line does not match, the next line is read and the same check is performed. If all lines are read and no match occurs, the /etc/hosts.deny file is read, starting at the top. If a match for the daemon-client pair is found in the deny file, access is denied. If no rules for the daemon-client pair are found in either file, or if neither file exists, access to the service is granted.

Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny. Therefore, if access to a service is allowed in hosts.allow, a rule denying access to that same service in hosts.deny is ignored. The following are some examples of entries in the /etc/hosts.allow file:

1. To allow clients on the 192.168.2 subnet to access FTP (daemon is vsftpd):

# vi /etc/hosts.allow
vsftpd : 192.168.2.*


2. To allow all clients to access ssh, scp, and sftp (daemon is sshd):

# vi /etc/hosts.allow
sshd : ALL

3. Place the following entry in the /etc/hosts.deny file to deny FTP service to all clients except subnet 192.168.2.* (this assumes the previous entry vsftpd : 192.168.2.* exists in /etc/hosts.allow):

# vi /etc/hosts.deny
vsftpd : ALL

4. Use the .domain syntax to represent any hosts from a given domain. The following example allows
connections to vsftpd from any host in the example.com domain (if the entry is in /etc/hosts.allow):

# vi /etc/hosts.allow
vsftpd : .example.com

If this entry appears in /etc/hosts.deny, the connection is denied.
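The evaluation order described above (hosts.allow first, then hosts.deny, default allow) and the four example entries, as an added Python simulation that is not part of the original article. The rule text is a constructed copy of the page's examples, a client is matched by its address and, when given, its resolved host name, and pattern matching follows the hosts_access(5) conventions (ALL, a leading dot for a domain suffix, a trailing dot for an address prefix) plus the * wildcard used in this article:

```python
import fnmatch

# Constructed rule text mirroring the article's examples (not real system files).
HOSTS_ALLOW = "vsftpd : 192.168.2.*\nsshd : ALL\nvsftpd : .example.com\n"
HOSTS_DENY = "vsftpd : ALL\n"

def parse_rules(text):
    """Parse 'daemon_list : client_list [: command]' lines into (daemons, clients, command)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        daemons = [d.strip() for d in fields[0].split(",")]
        clients = [c.strip() for c in fields[1].split(",")]
        rules.append((daemons, clients, fields[2] if len(fields) > 2 else None))
    return rules

def token_matches(pattern, value):
    """One pattern token against one identity (daemon name, client address or host name)."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):           # .example.com: host-name suffix
        return value.endswith(pattern)
    if pattern.endswith("."):             # 192.168.2.: address prefix
        return value.startswith(pattern)
    if "*" in pattern or "?" in pattern:  # 192.168.2.*: shell-style wildcard
        return fnmatch.fnmatchcase(value, pattern)
    return value == pattern

def rule_matches(rule, daemon, identities):
    daemons, clients, _command = rule
    return (any(token_matches(d, daemon) for d in daemons)
            and any(token_matches(c, i) for c in clients for i in identities))

def access_decision(daemon, client_addr, client_name=None,
                    allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is read first (first match grants), then hosts.deny (first match
    denies); no match in either file, or a missing file, means access is granted."""
    identities = [client_addr] + ([client_name] if client_name else [])
    for rule in parse_rules(allow_text):
        if rule_matches(rule, daemon, identities):
            return "allow"
    for rule in parse_rules(deny_text):
        if rule_matches(rule, daemon, identities):
            return "deny"
    return "allow"
```

Calling access_decision("vsftpd", "10.0.0.5") returns "deny" because only the hosts.deny rule matches, while the same client presenting the name ftp.example.com is allowed by the third hosts.allow entry.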
