Services linked against the libwrap library can use hosts.deny to control access. To check whether a daemon is linked against it:
ldd /usr/sbin/vsftpd |grep libwrap
ldd /usr/sbin/sendmail |grep libwrap
ldd /usr/sbin/sshd |grep libwrap
To restrict a host or network from accessing a service:
1. Using hostname/domain name
vim /etc/hosts.deny
-> vsftpd: *.example.com -> All hosts in example.com are denied access to ftp
-> vsftpd: server.example.com -> Host server in example.com is denied access
2. Using IP address/network
vim /etc/hosts.deny
-> vsftpd: 192.168.1.0/255.255.255.0 -> All hosts in the 192.168.1.0 network are denied.
-> vsftpd: 192.168.1.4 -> Host 192.168.1.4 is denied.
3. To deny all except a few
vim /etc/hosts.deny
-> sshd: ALL EXCEPT matrix.com -> Anything other than matrix.com is denied access to ssh.
4. To allow all except a few
vim /etc/hosts.allow
-> ALL: *.example.com EXCEPT *.matrix.com -> Any domain other than matrix.com is allowed access.
Both kinds of entry, allow and deny, can be given in either the hosts.allow or the hosts.deny file.
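
The following added example (not code from the original post or from the TCP wrappers project) is a simplified Python model of how the rule forms above are evaluated: hosts.allow is searched before hosts.deny, the first matching rule decides, and a client matching no rule is allowed. The function names and the sample file contents are constructed for illustration, and only the pattern forms used on this page (IPv4 only) are modelled.

```python
import fnmatch
import ipaddress

def match_client(pat, host, ip):
    """Match one client pattern against the client's hostname and IP address."""
    host, pat_l = host.lower(), pat.lower()
    if pat == "ALL":
        return True
    if "/" in pat:                        # net/mask such as 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pat, strict=False)
    if pat.startswith("."):               # .example.com: every host in that domain
        return host.endswith(pat_l)
    if "*" in pat or "?" in pat:          # wildcard such as *.example.com
        return fnmatch.fnmatchcase(host, pat_l) or fnmatch.fnmatchcase(ip, pat)
    return pat_l == host or pat == ip     # exact hostname or address only

def match_list(tokens, match):
    """'a b EXCEPT c' matches when a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], match) and not match_list(tokens[i + 1:], match)
    return any(match(t) for t in tokens)

def check_access(allow_text, deny_text, daemon, host, ip):
    """Return 'allow' or 'deny': hosts.allow first, then hosts.deny, else allow."""
    for default, text in (("allow", allow_text), ("deny", deny_text)):
        for line in text.splitlines():
            if line.lstrip().startswith("#"):
                continue
            fields = [f.strip() for f in line.split(":")]
            if len(fields) < 2:           # no "daemon : client" separator, not a rule
                continue
            daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
            if (match_list(daemons, lambda p: p in ("ALL", daemon)) and
                    match_list(clients, lambda p: match_client(p, host, ip))):
                # a trailing ": allow" / ": deny" option overrides the file's default
                return fields[-1] if fields[2:] and fields[-1] in ("allow", "deny") else default
    return "allow"

# Constructed sample files built from the rule forms shown above.
HOSTS_ALLOW = "sshd: 192.168.1.4\nvsftpd: *.matrix.com : deny\n"
HOSTS_DENY = """vsftpd: *.example.com
vsftpd: 192.168.1.0/255.255.255.0
sshd: ALL EXCEPT matrix.com
"""
```

With these files, `check_access(HOSTS_ALLOW, HOSTS_DENY, "sshd", "host.matrix.com", "10.1.1.2")` returns `deny`, because the bare pattern `matrix.com` matches only a host with exactly that name. On a system with TCP wrappers installed, `tcpdmatch` predicts the decision against the real files.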