Saturday, January 25, 2014

TCP WRAPPERS

Services that are linked against the libwrap library can use hosts.deny to control access:
ldd /usr/sbin/vsftpd   | grep libwrap
ldd /usr/sbin/sendmail | grep libwrap
ldd /usr/sbin/sshd     | grep libwrap


To restrict a host or network from accessing a service:

1.  Using hostname/domain name
    vim /etc/hosts.deny
-> vsftpd: *.example.com       -> All hosts in example.com are denied access to ftp
-> vsftpd: server.example.com  -> Host server in example.com is denied access

2.  Using IP address/network
    vim /etc/hosts.deny
-> vsftpd: 192.168.1.0/255.255.255.0    -> All hosts in the 192.168.1.0 network are denied.
-> vsftpd: 192.168.1.4                  -> Host 192.168.1.4 is denied.


3.  To deny all except a few
    vim /etc/hosts.deny
-> sshd: ALL EXCEPT *.matrix.com    -> Any domain other than matrix.com is denied access to ssh.

4.  To allow all except a few
    vim /etc/hosts.allow
-> ALL: ALL EXCEPT *.matrix.com     -> Any domain other than matrix.com is allowed access.


Both allow and deny entries can be given in either the hosts.allow or the hosts.deny file.
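
How the two files combine, as an added example that is not part of the original post: libwrap searches hosts.allow first, then hosts.deny, and a client matched by neither file is allowed. The function names, sample rules and client addresses are constructed for illustration, and only the pattern forms shown above (plus the leading-dot domain form from hosts_access) are modelled.

```python
import fnmatch
import ipaddress

def match_one(pat, host, ip):
    """Match one client pattern against the client's hostname and IP address."""
    host, low = host.lower(), pat.lower()   # hostnames compare case-insensitively
    if pat == "ALL":
        return True
    if "/" in pat:                          # net/mask, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pat, strict=False)
    if pat.startswith("."):                 # .example.com: any host in that domain
        return host.endswith(low)
    if "*" in pat or "?" in pat:            # wildcard form, e.g. *.example.com
        return fnmatch.fnmatchcase(host, low) or fnmatch.fnmatchcase(ip, pat)
    return low == host or pat == ip         # exact hostname or address

def match_list(tokens, host, ip):
    """'a b EXCEPT c' matches what a or b match, minus what c matches."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], host, ip) and not match_list(tokens[i + 1:], host, ip)
    return any(match_one(t, host, ip) for t in tokens)

def rule_matches(rule, daemon, host, ip):
    """A rule is 'daemon_list : client_list'; both lists must match."""
    daemons, clients = (part.replace(",", " ").split() for part in rule.split(":")[:2])
    return match_list(daemons, daemon, daemon) and match_list(clients, host, ip)

def access(allow, deny, daemon, host, ip):
    """hosts.allow is searched first, then hosts.deny; the first match decides."""
    if any(rule_matches(r, daemon, host, ip) for r in allow):
        return "allow (hosts.allow)"
    if any(rule_matches(r, daemon, host, ip) for r in deny):
        return "deny (hosts.deny)"
    return "allow (no match)"

# Constructed sample rules, modelled on the entries above.
DENY = ["vsftpd: 192.168.1.0/255.255.255.0", "sshd: ALL EXCEPT *.matrix.com"]
ALLOW = ["ALL: ALL EXCEPT *.matrix.com"]

if __name__ == "__main__":
    print(access([], DENY, "vsftpd", "pc4.example.com", "192.168.1.4"))     # network rule
    print(access([], DENY, "sshd", "a.matrix.com", "10.0.0.7"))             # exempted by EXCEPT
    print(access(ALLOW, DENY, "vsftpd", "pc4.example.com", "192.168.1.4"))  # hosts.allow wins
    print(access(ALLOW, [], "sshd", "a.matrix.com", "10.0.0.7"))            # EXCEPT alone never denies
```

The last two calls show what to check when auditing these files: a broad hosts.allow entry overrides every hosts.deny rule, and a host excluded with EXCEPT in hosts.allow is still admitted unless a hosts.deny rule matches it.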
