RE: [leaf-devel] Hosts.deny & hosts.allow

Wed, 26 Apr 2006 14:37:13 -0700 

Martin & All,

I guess the question would be then - for new users - how will they know what
to search for (i.e hosts.deny hosts.allow) when they do not know that
is/could be the problem?   A bit of the hen & the egg problem that is :-)

Seeing the feedback - most of that is due to "special" versions that is
built for this or that. All good stuff. I guess I'm beeing the user advocate
here :-)

If a new users take the Floppy, CD or Stick version, add a package (say
SNMPD) and open the correct ports in Shorewall and try to get snmp to work
(f.ex from MRTG) - it will not work out of the box.  Unfortunately the error
messages can not be said to be over helpful (not blaming anyone here - just
stating a fact).  I ran into that problem this week when upgrading a Bering
FW to a Bering uClibc FW. Eric was kind enough to point out the obvious, and
it this case the problem was myself as I had changed the Bering standard
etc.lrp years ago to get around these issues.  That got me thinking (still
am). What if I where a new user, testing Leaf for the first time. How would
I react to this... So - I was trying to come up with a way to avoid that
situation.  As most people here replying had objections I tried to find a
solution that would work for as many as possible.

I'll start my updating this document:
http://leaf.sourceforge.net/doc/bk01ch08s07.html

I'll also roll my own etc.lrp version (just # out the lines in
hosts.allow/deny ) and will stick in on my leaf  page for folks to use.

Best regards
Jørn
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin Hejl
Sent: 26. april 2006 21:22
To: [email protected]
Subject: Re: [leaf-devel] Hosts.deny & hosts.allow


Hi Jorn,

> A good idea might also be to add a few comments/samples for commonly used
> applications... Like Tom has done for Shorewall.
I don't know - I don't believe in keeping the documentation inside the
configuration, and there's more than enough information on hosts.allow
available on the net -
http://www.google.com/search?hl=en&q=hosts.allow&btnG=Google+Search
looks rather promising to me.

But I'm not the one who decides that, so it may well be that the people
who do decide such kinds of things follow your ideas rather than mine -
which would be fine with me too, as long as I'm not asked to write the
docs. I'm just voicing _my_ thoughts. I don't think we should give an
example that would leave people too exposed (like "ALL: ALL"), since I
think that somebody who decides to disable all security checks should
know what he's doing (and not only copying some sample config), but
that's just me.

> If we can gather enough samples I can write up a little section for the
> docs...
You mean something like
http://linux.about.com/od/commands/l/blcmdl5_hostsal.htm#lbAN (which is
on the page pointed to by the first link I get from the google search
mentioned above)? Sure, something like that could be useful - but I
guess it would be duplicating the work somebody else has already done
(unless you have something totally different in mind).

Martin



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

_______________________________________________
leaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-devel



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642

_______________________________________________
leaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Reply via email to