Hosts Allow and Deny

The restrictions in hosts.allow and hosts.deny only take effect for network-based applications that use the TCP wrappers library (libwrap).

To check whether an application uses the TCP wrappers library, use the Linux command ldd, which displays the list of shared libraries a program requires.

ldd /usr/sbin/sshd | grep libwrap

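If the application is using that library, this returns:

libwrap.so.0 => /usr/lib/libwrap.so.0

If nothing is printed, the application is not linked against libwrap and the rules in these files do not apply to it.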

ALLOW

# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd: 123.45.67. : allow

Note: The trailing dot after 67 is required if you want to open access to the entire 123.45.67.x range.

This allows ssh access to this server from the 123.45.67 IP range.

DENY

# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
All: All : deny

This denies all IP ranges access to any of the services that use TCP wrappers.
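How the two files combine, as an added example (not part of the original post and not the tcpd source): a simplified Python model that checks hosts.allow first, then hosts.deny, and grants access when neither matches. The function names are hypothetical, the sample rules are constructed from the ones above, and only IPv4 addresses, ALL, dot prefixes and suffixes, and the allow/deny options are modelled.

```python
# Added example: simplified model of TCP wrappers rule evaluation.
# Covers only ALL, trailing-dot address prefixes, leading-dot domain
# suffixes, exact matches, and the allow/deny options (IPv4 only).

# Constructed sample files mirroring the rules shown on this page.
HOSTS_ALLOW = "sshd: 123.45.67. : allow\n"
HOSTS_DENY = "ALL: ALL : deny\n"


def parse_rules(text):
    """Return (daemons, clients, option) tuples for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # blank line, comment, or malformed rule
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        option = fields[2].lower() if len(fields) > 2 else ""
        rules.append((daemons, clients, option))
    return rules


def client_matches(pattern, client):
    """Match one client pattern against a client address or host name."""
    pattern, client = pattern.lower(), client.lower()
    if pattern == "all":
        return True
    if pattern.endswith("."):      # "123.45.67." matches 123.45.67.x
        return client.startswith(pattern)
    if pattern.startswith("."):    # ".example.com" matches hosts in it
        return client.endswith(pattern)
    return pattern == client       # no dot: exact string match only


def decide(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Check hosts.allow first, then hosts.deny; first match wins."""
    for text, default in ((allow_text, "allow"), (deny_text, "deny")):
        for daemons, clients, option in parse_rules(text):
            if not any(d.lower() in ("all", daemon.lower()) for d in daemons):
                continue
            if any(client_matches(c, client) for c in clients):
                return option if option in ("allow", "deny") else default
    return "allow"  # no rule matched in either file: access is granted


if __name__ == "__main__":
    for ip in ("123.45.67.10", "123.45.68.10"):
        print(ip, decide("sshd", ip))
```

Passing allow_text="sshd: 123.45.67 : allow" (no trailing dot) makes decide("sshd", "123.45.67.10") return "deny", which is the failure the note above warns about.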
