Gentoo Archives: gentoo-security

From: Matt Drew <matt.drew@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] TCP Wrapper Documentation
Date: Wed, 14 Jan 2009 21:19:15
Message-Id: 5ee831cb0901141317m2c272a08kfcf39c6a577e9749@mail.gmail.com
In Reply to: Re: [gentoo-security] TCP Wrapper Documentation by James Stull

I can think of three reasons: less clutter, less maintenance, and
keeping the machine from wasting time parsing the file on busy systems
that may have libwrap-enabled applications, but where no access
controls have been configured.

On Mon, Jan 12, 2009 at 7:32 PM, James Stull <rivitir@×××××.com> wrote:
> Thank you for all the suggestions, they have been very helpful and I now
> have my tcp wrappers up and running.
>
> Just out of curiosity, why doesn't the ebuild install /etc/hosts.allow/deny
> with some basic configuration examples or at least empty files?
>
> On Mon, Jan 12, 2009 at 12:50 PM, brant williams <brant@×××××.net> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hi there...
>>
>> You can also install the "DenyHosts" package, which will parse your syslog
>> for failed ssh entries, and then update/maintain /etc/hosts.{allow,deny}.
>>
>> http://denyhosts.sourceforge.net/
>>
>> You can run it as a daemon, or from within cron.
>>
>> hth
>> - -brant
>>
>> brant williams
>> FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002
>>
>> On Sat, 10 Jan 2009, Chris O'Regan wrote:
>>
>>> Date: Sat, 10 Jan 2009 00:51:47 -0500
>>> From: Chris O'Regan <chris.oregan@×××××.com>
>>> Reply-To: gentoo-security@l.g.o
>>> To: gentoo-security@l.g.o
>>> Subject: Re: [gentoo-security] TCP Wrapper Documentation
>>>
>>> Search for "tcp wrappers howto" on Google. Yes, this must be
>>> maintained manually. I recommend to do away with /etc/host.deny and
>>> have "ALL :ALL@ALL :deny" as the last line of /etc/hosts.allow.
>>>
>>> On Fri, Jan 9, 2009 at 11:51 PM, James Stull <rivitir@×××××.com> wrote:
>>>>
>>>> I have a gentoo desktop profile system and I would like to use tcp
>>>> wrappers to secure certain services like ssh. I followed the
>>>> documentation I could find from the security guide to install the
>>>> ebuild but I don't have the /etc/hosts.allow or hosts.deny. Do I have
>>>> to manually create these? Is there any other documentation available
>>>> that I can use to help me install and configure it properly?
>>>>
>>>> Thanks for your help.
>>>>
>>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.9 (GNU/Linux)
>>
>> iEYEAREIAAYFAklrgtkACgkQdCBnhE3rYAIsLQCgpLxynaOGVdxWlKh7YeOdpIC5
>> oggAnRFgIwBudFTonqx2/ABUSdzDWNLx
>> =N70i
>> -----END PGP SIGNATURE-----
>>
>
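The single-file layout suggested in the thread (a catch-all deny as the last line of /etc/hosts.allow) relies on first-match ordering, and on the fact that tcp wrappers grants access when no rule matches or the files do not exist. The sketch below is an added example, not code from any poster or from the tcp-wrappers package. It assumes a build with the hosts_options(5) `allow`/`deny` keywords, handles only IPv4 clients and a subset of the pattern syntax, and uses constructed sample rules.

```python
import ipaddress

# Constructed sample rules (not from the thread), hosts_options(5) style.
SAMPLE_HOSTS_ALLOW = """\
# sshd from two internal ranges, everything else refused
sshd : 192.168.1. : allow
sshd : 10.0.0.0/255.255.255.0 : allow
ALL : ALL@ALL : deny
"""

def parse_rules(text):
    """Parse 'daemons : clients [: allow|deny]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line, skipped in this sketch
        # In hosts.allow a match grants access unless the option says deny.
        deny = len(fields) > 2 and fields[-1].lower() == "deny"
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(),
                      "deny" if deny else "allow"))
    return rules

def client_matches(pattern, ip):
    host = pattern.rsplit("@", 1)[-1]      # user@host: user part ignored here
    if host == "ALL":
        return True
    if host.endswith("."):                 # prefix form, e.g. 192.168.1.
        return ip.startswith(host)
    if "/" in host:                        # net/mask form
        net = ipaddress.ip_network(host, strict=False)
        return ipaddress.ip_address(ip) in net
    return host == ip

def decide(rules, daemon, ip):
    for daemons, clients, action in rules:
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(c, ip) for c in clients):
            return action                  # first matching rule wins
    return "allow"                         # no match at all: access is granted

def has_default_deny(rules):
    """True when the last rule is a catch-all deny, as the thread suggests."""
    if not rules:
        return False
    daemons, clients, action = rules[-1]
    return ("ALL" in daemons and action == "deny"
            and any(c.rsplit("@", 1)[-1] == "ALL" for c in clients))
```

Running `has_default_deny` over a parsed hosts.allow is a quick audit for hosts that have libwrap-enabled services but fall through to the default grant.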