** Reply to message from jdow <jdow@earthlink.net> on Tue, 12 Nov 2002 10:10:52 -0800

<snip>
> I wonder how many people bother to
> setup the tcpwrappers level of security on their systems. It's not much
> but it can make doing anything once iptables is punctured rather on
> the difficult side topologically speaking. "Ain't no way there from here.")

I, for one:

---------------
cat /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!

ALL: ALL: spawn echo tcpwrap has detected an Unauthorised Connection Attempt\
from %h %a to %d at `date`|tee -a /var/log/secure|mail root@xxx.xxx

# cat /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL: LOCAL .localdomain
SSHD,X11-SSH-OFFSET: xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
------------------

Only 3 IPs allowed to ssh in. All others denied.

--
Jack Bowling
mailto: jbinpg@shaw.ca

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
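
Added example, not part of the original post: a simplified Python model of the tcpd decision order from hosts_access(5), run against rules shaped like the ones posted above, to show which connections the rule set grants. The 192.0.2.x addresses are constructed placeholders for the three masked entries, and the function names are hypothetical.

```python
# Simplified model of the tcpd decision order described in hosts_access(5).
# Handles only ALL, LOCAL, ".suffix" and exact-match patterns (no EXCEPT,
# netmasks, IPv6 or option handling such as spawn).
# Constructed rules mirroring the post; the 192.0.2.x addresses are
# placeholders (assumptions) for the masked entries, not values from the post.
HOSTS_ALLOW = """\
ALL: LOCAL .localdomain
SSHD,X11-SSH-OFFSET: 192.0.2.10 192.0.2.11 192.0.2.12
"""
HOSTS_DENY = "ALL: ALL: spawn echo (logging command omitted)\n"

def parse(text):
    """Return [(daemon_patterns, client_patterns)], lower-cased."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2 or not fields[0]:
            continue
        daemons = fields[0].replace(",", " ").lower().split()
        clients = fields[1].replace(",", " ").lower().split()
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "all":
        return True
    if pattern == "local":        # host name that contains no dot
        return bool(name) and "." not in name
    if pattern.startswith("."):   # domain suffix match on the host name
        return name.endswith(pattern)
    return pattern in (addr, name)

def first_match(rules, daemon, addr, name):
    """True if any rule matches both the daemon and the client."""
    return any(
        ("all" in daemons or daemon in daemons)
        and any(client_matches(p, addr, name) for p in clients)
        for daemons, clients in rules)

def decide(daemon, addr, name=""):
    """hosts.allow match grants; else hosts.deny match denies; else grant."""
    daemon, name = daemon.lower(), name.lower()
    if first_match(parse(HOSTS_ALLOW), daemon, addr, name):
        return "allow"
    return "deny" if first_match(parse(HOSTS_DENY), daemon, addr, name) else "allow"

if __name__ == "__main__":
    for d, a, n in [("sshd", "192.0.2.10", ""), ("sshd", "203.0.113.5", "")]:
        print(d, a, decide(d, a, n))
```

On a host with tcp_wrappers installed, `tcpdmatch sshd <address>` performs the real check against the live hosts.allow and hosts.deny files.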