In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/03 Report--
1. The protection object of the TCP Wrappers mechanism is various network service programs, and the access control is carried out according to the client address of the access service. The corresponding policy files are / etc/hosts.allow and / etc/hosts.deny, which are used to set the allow and deny policies, respectively.
1. Configuration format of the policy
The two policy files have the opposite effect, but the configuration record format is the same, as shown below
:
The list of service programs and the list of client addresses are separated by colons, and multiple items in each list are separated by commas.
(1) list of service programs
The list of service programs can be divided into the following categories.
● ALL: represents all services.
● single service program: such as "vsftpd"
A list of ● service programs, such as "vsftpd,shd"
(2) client address list
The client address list can be divided into the following categories.
Network segment address, such as "
192.168.4.0/255.255.255.0
● with "." Starting domain name: for example, "kgc.cn" matches all hosts in the kgc cn domain.
● with "." End network address: for example, "192.168.4" matches the entire 192 168.4.0 Universe 24 network segment. Embed the wildcard character "*"? " The former represents a character of any length, while the latter represents only one character. "10.0.8.2*" matches all P addresses that begin with 10.0.8.2. Cannot be mixed with patterns that start or end with "".
A list of multiple client addresses, such as "192.68.1. 172.17.17.men.kgc.cn"
two。 Basic principles of access control
With regard to the access policy of the TCP Wrappers mechanism, check the / etc/hosts.allow file first, and if you find a policy that matches, access is allowed. Otherwise, continue to check the / etc/hosts.deny file. If a matching policy is found, access is denied; if neither of the two files finds a matching policy, access is allowed.
3.TCP Wrappers configuration instance
For example, if you only want a host with an ip address of 192.168.10.10 or a host located on the 192.168.20.0 ax 24 network segment to access the sshd service, deny other addresses. Vim / etc/hosts.allow
Vim / etc/hosts.deny
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.