A question about host...

2003-09-24 Thread Payne
Hi,

I am wanting to use host.allow and host.deny to make my box more secure. 
Is there a site that can explain how to use them.

Thanks,

Pup

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: A question about host...

2003-09-24 Thread Thomas Spreng
Hello,

On Wed, Sep 24, 2003 at 09:51:38AM -0400, Payne wrote:
> Hi,
> 
> I am wanting to use host.allow and host.deny to make my box more secure. 
> Is there a site that can explain how to use them.

hosts.deny is deprecated, just use hosts.allow.
please read 'man 5 hosts_options' or if you don't like the manual try
http://ezine.daemonnews.org/200206/hosts_allow.html

hope that helps...

cheers,
tom


Re: A question about host...

2003-09-24 Thread Rob Lahaye

Thomas Spreng wrote:
> Hello,
> 
> On Wed, Sep 24, 2003 at 09:51:38AM -0400, Payne wrote:
> 
>>Hi,
>>
>>I am wanting to use host.allow and host.deny to make my box more secure. 
>>Is there a site that can explain how to use them.
> 
> 
> hosts.deny is deprecated, just use hosts.allow.

Hmmm, "man hosts_access" still talks happily about hosts.deny.
Nowhere mentioning that it's deprecated!
Are the man pages here 'deprecated' as well? Needs an update?
Should the author of the man page be notified?

R.



Re: A question about host...

2003-09-24 Thread Armand Passelac
[ On Wed, 24 Sep, 2003 at  9:51, Payne wrote: ]
> Hi,
> 
> I am wanting to use host.allow and host.deny to make my box more secure. 
> Is there a site that can explain how to use them.

If I remember well :

The lib libwrap.a corresponds to the famous name "tcp_wrappers".
This lib is designed to secure the access of some network services:
xinetd, sshd, portmap, ...

Syntax of hosts_access files :
service:host

examples :
# Manage ALL tcp_wrapped services for the source address 192.168.1.2
ALL:192.168.1.2
# Manage the pop3 service for the source address corresponding to the name my.computer.fr
pop3d:  my.computer.fr

You can specify multiple services with the comma (pop3d, in.telnetd)
There is also the tag EXCEPT to specify an exception :
ALL:EXCEPT 173.22.7.9

Order of reading :
The tcp_wrapped network service will read before the hosts.allow and AFTER the
hosts.deny.
The current advice is to put the ALL:ALL in the hosts.deny


I hope it will help you.

-- 
"No guts No glory"

=] PASSELAC Armand [=
 (  @ @ )   
Ingenieur Systemes-Reseaux & Securite
ORBYTES INGENIERIE


Re: A question about host...

2003-09-24 Thread Micheal Patterson




- Original Message - 
From: "Armand Passelac" <[EMAIL PROTECTED]>
To: "Payne" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 24, 2003 10:46 AM
Subject: Re: A question about host...


> [ On Wed, 24 Sep, 2003 at  9:51, Payne wrote: ]
> > Hi,
> >
> > I am wanting to use host.allow and host.deny to make my box more secure.
> > Is there a site that can explain how to use them.
>
> If I remember well :
>
> The lib libwrap.a corresponds to the famous name "tcp_wrappers".
> This lib is designed to secure the access of some network services :
> xinetd,sshd,portmap, ...
>
> Syntax of hosts_access files :
> service:host
>
> examples :
> # Manage ALL tcp_wrapped services for the source address 192.168.1.2
> ALL: 192.168.1.2
> # Manage the pop3 service for the source address corresponding to the name my.computer.fr
> pop3d: my.computer.fr
>
> You can specify multiple services with the comma (pop3d, in.telnetd)
> There is also the tag EXCEPT to specify an exception :
> ALL: EXCEPT 173.22.7.9
>
> Order of reading :
> The tcp_wrapped network service will read before the hosts.allow and AFTER
> the hosts.deny.
> The current advice is to put the ALL:ALL in the hosts.deny
>
>
> I hope it will help you.
>
>

Unless things have changed in the 5.x series, libwrap is integrated into
inetd now (-w -W flags apply). Also, there is no need for a hosts.deny file
as hosts.allow contains both allow and deny entries now. Just have the
all:all:deny at the very bottom of hosts.allow.  The default hosts.allow
file gives examples of how to use the file for access control to various
daemons / services.

--

Micheal Patterson
TSG Network Administration
405-917-0600

Confidentiality Notice:  This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
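
The single-file layout described in the message above depends on first-match evaluation, which is why the catch-all deny goes at the very bottom. The sketch below is an added example, not part of the original thread and not libwrap's code: a simplified Python model (IPv4 addresses and hostnames only; the rule sets are constructed and `decide` is a hypothetical helper) that shows what happens when the catch-all is misplaced or missing.

```python
import re

def _tokens(field):
    return [t for t in re.split(r"[,\s]+", field.strip()) if t]

def _pattern_matches(pattern, value):
    if pattern.upper() == "ALL":
        return True
    if pattern.startswith("."):            # domain suffix, e.g. .computer.fr
        return value.lower().endswith(pattern.lower())
    if pattern.endswith("."):              # address prefix, e.g. 192.168.1.
        return value.startswith(pattern)
    return pattern.lower() == value.lower()

def _list_matches(tokens, values):
    # "list_1 EXCEPT list_2": matches list_1 unless it also matches list_2
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_list_matches(tokens[:i], values)
                and not _list_matches(tokens[i + 1:], values))
    return any(_pattern_matches(p, v) for p in tokens for v in values)

def decide(rules_text, daemon, client_addr, client_name=None):
    """Return (verdict, matching_rule) using first-match semantics."""
    client = [v for v in (client_addr, client_name) if v]
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        if (_list_matches(_tokens(fields[0]), [daemon])
                and _list_matches(_tokens(fields[1]), client)):
            denied = len(fields) > 2 and fields[-1].lower() == "deny"
            return ("deny" if denied else "allow"), line
    return "allow", None   # nothing matched and no hosts.deny: access granted

# Constructed sample rule sets (not the FreeBSD default hosts.allow).
GOOD_RULES = """
sshd : 192.168.1. EXCEPT 192.168.1.2 : allow
pop3d : my.computer.fr, 192.168.1.2 : allow
ALL : ALL : deny
"""
BAD_ORDER = "ALL : ALL : deny\nsshd : 192.168.1. : allow\n"   # catch-all first
NO_CATCH_ALL = "sshd : 192.168.1. : allow\n"                  # catch-all missing

if __name__ == "__main__":
    for rules in (GOOD_RULES, BAD_ORDER, NO_CATCH_ALL):
        print(decide(rules, "sshd", "192.168.1.7"), decide(rules, "sshd", "203.0.113.9"))
```

On a real system, `tcpdmatch` checks the actual file against a daemon and client pair.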



Re: A question about host...

2003-09-24 Thread Armand Passelac
[ On Wed, 24 Sep, 2003 at 11:11, Micheal Patterson wrote: ]
> 
>

Excuse me Payne, Michael is totally *right* !
You can see the /etc/hosts.allow ... there are a lot of good examples for you.
Thanks Michael for the updating of _my_old_ view ;-)

Bye.
 

-- 
"No guts No glory"

=] PASSELAC Armand [=
 (  @ @ )   
Ingenieur Systemes-Reseaux & Securite
ORBYTES INGENIERIE


Re: A question about host...

2003-09-24 Thread Micheal Patterson

- Original Message - 
From: "Armand Passelac" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 24, 2003 1:37 PM
Subject: Re: A question about host...


> [ On Wed, 24 Sep, 2003 at 11:11, Micheal Patterson wrote: ]
> >
> >
>
> Excuse me Payne, Michael is totally *right* !
> You can see the /etc/hosts.allow ... there are a lot of good examples for you.
> Thanks Michael for the updating of _my_old_ view ;-)
>
> Bye.
>
> >

Not a problem. I recall in 3.x when they first integrated wrappers into
inetd. Many people were completely lost about it and many more even
continued to install tcp_wrappers from ports until the port was marked
broken.

--

Micheal Patterson
TSG Network Administration
405-917-0600
