Re: Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote:
> > What do you think? Do you rely on hosts.allow/hosts.deny a primary security
> > mechanism? As defense-in-depth? Do you have policies which mandate it?
> I currently use it in conjunction with denyhosts, but have been
> considering moving to something like sshguard with iptables instead.  If
> hosts.deny support disappeared then I would simply go that route when
> necessary.
> May I ask what the reason is for considering dropping tcp wrappers
> support?

I think the main reasons are: upstream library isn't actually maintained
since June 2001. The API is somewhat ugly and crufty. Possibly also one more
place to check, making systems administration harder.


-- 
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux