I can think of three reasons: less clutter, less maintenance, and
keeping the machine from wasting time parsing the file on busy systems
that may have libwrap-enabled applications, but where no access
controls have been configured.

On Mon, Jan 12, 2009 at 7:32 PM, James Stull <rivitir@×××××.com> wrote:
> Thank you for all the suggestions, they have been very helpful and I now
> have my tcp wrappers up and running.
>
> Just out of curiosity, why doesn't the ebuild install /etc/hosts.allow/deny
> with some basic configuration examples or at least empty files?
>
> On Mon, Jan 12, 2009 at 12:50 PM, brant williams <brant@×××××.net> wrote:
>>
>> Hi there...
>>
>> You can also install the "DenyHosts" package, which will parse your syslog
>> for failed ssh entries, and then update/maintain /etc/hosts.{allow,deny}.
>>
>> http://denyhosts.sourceforge.net/
>>
>> You can run it as a daemon, or from within cron.
>>
>> hth
>> -brant
>>
>> brant williams
>> FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002
>>
>> On Sat, 10 Jan 2009, Chris O'Regan wrote:
>>
>>> Date: Sat, 10 Jan 2009 00:51:47 -0500
>>> From: Chris O'Regan <chris.oregan@×××××.com>
>>> Reply-To: gentoo-security@l.g.o
>>> To: gentoo-security@l.g.o
>>> Subject: Re: [gentoo-security] TCP Wrapper Documentation
>>>
>>> Search for "tcp wrappers howto" on Google. Yes, this must be
>>> maintained manually. I recommend to do away with /etc/host.deny and
>>> have "ALL :ALL@ALL :deny" as the last line of /etc/hosts.allow.
>>>
>>> On Fri, Jan 9, 2009 at 11:51 PM, James Stull <rivitir@×××××.com> wrote:
>>>>
>>>> I have a gentoo desktop profile system and I would like to use tcp wrappers
>>>> to secure certain services like ssh. I followed the documentation I could
>>>> find from the security guide to install the ebuild but I don't have the
>>>> /etc/hosts.allow or hosts.deny. Do I have to manually create these? Is there
>>>> any other documentation available that I can use to help me install and
>>>> configure it properly?
>>>>
>>>> Thanks for your help.
>>>>
>>>
>
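
An added example, not part of the original thread: a small Python model of how libwrap evaluates a single /etc/hosts.allow written in hosts_options(5) syntax, showing why the final "ALL :ALL@ALL :deny" line recommended above matters when hosts.deny is absent. The sample rules, the addresses and the function names `host_matches` and `check` are constructed for illustration; the model covers only IPv4 literals, prefix and net/mask patterns and assumes there is no /etc/hosts.deny.

```python
import ipaddress

# Constructed sample /etc/hosts.allow in hosts_options(5) syntax.
# Addresses are documentation ranges, not taken from the thread.
HOSTS_ALLOW = """\
# LAN and one admin host may reach sshd
sshd : 192.168.1. 203.0.113.7
# default deny, the last line recommended in the thread
ALL :ALL@ALL :deny
"""

def host_matches(pattern, addr):
    """Match one client pattern against an IPv4 address (subset of hosts_access(5))."""
    pattern = pattern.rsplit("@", 1)[-1]      # ignore an optional user@ part
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # prefix form, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:                        # net/mask form
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def check(rules, daemon, addr):
    """Return 'allow' or 'deny' for daemon/addr. First matching rule wins."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                          # malformed rule, skipped in this model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if "ALL" not in daemons and daemon not in daemons:
            continue
        if any(host_matches(c, addr) for c in clients):
            return "deny" if "deny" in fields[2:] else "allow"
    # Nothing matched and hosts.deny is assumed absent: libwrap grants access.
    return "allow"

if __name__ == "__main__":
    for d, a in [("sshd", "192.168.1.20"), ("sshd", "198.51.100.9")]:
        print(d, a, check(HOSTS_ALLOW, d, a))
```

Removing the last rule from the sample makes every unmatched client fall through to the implicit allow, which is the case an empty or missing configuration leaves you in.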