Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Wang Gaoli: TCP Wrappers access Control (hosts.allow,hosts.deny)

2025-03-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

TCP Wrappers access control

In Linux system, many network services provide some access control mechanism for clients, such as Samba, BIND, HTTPD, OpenSSH, etc., while TCP Wrappers (TCP envelope) provides additional security as a special line of defense between application services and the network.

The software package tcp_wrappers-7.6-57.el6.x86_64 is used in RHEL6.5, which provides two ways to implement the TCP Wrappers protection mechanism: the executor tcpd and the shared link library file libwrap.so.*,-directly use tcpd programs to protect other service programs, and need to run tcpd. Libwrap.so.* link libraries are called by other network service programs, and there is no need to run tcpd programs.

View method:

TCP Wrappers access policy: two files / etc/hosts.allow and / etc/hosts.deny are used to set the allow and deny policies, respectively.

Basic principles of access control:

With regard to the access policy of the TCP Wrappers mechanism, the following order and principles should be followed when applied: first check the / etc/hosts.allow file, and if a matching policy is found, access is allowed, otherwise continue to find the / etc/hosts.deny file, if a matching policy is found, access is denied; if neither of the above two files is found, access is allowed.

TCP Wrappers configuration instance

The looser policy can be "allow all, reject the individual", and the stricter policy is "allow the individual, reject all". The former only needs to add the corresponding deny policy to the hosts.allow file, while the latter needs to set the deny policy of "ALL:ALL" in the hosts.deny file in addition to adding the allow policy in the hosts.allow.

For example, you only want to access the sshd service from a host in 192.168.1.2 or a host in the 192.168.1.0 Universe 24 network segment, and if other addresses are denied, you can do the following

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Policies files programs services controls mechanisms networks hosts principles methods network services software software packages links protection applications running loose special security vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple macOS Xiaomi Shulou Technology Microsoft MariaDB Shulou Tech Info Redmi Linux MySQL Shulou Information Apple NVidia Huawei Docker OPPO Reno vpn macOS Xiaomi Shulou Technology Microsoft MariaDB Shulou Tech Info Redmi Linux MySQL Shulou Information Apple NVidia Huawei Docker OPPO Reno vpn

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report