TCP Wrapper
2016/02/21
|
This is the example for TCP Access Control by TCP Wrapper.
| |
| [1] | Install TCP Wrapper. |
| [root@dlp ~]#
yum -y install tcp_wrappers
|
| [2] | Make sure if a service can be under the TCP Wrapper control or not with the following command. If it includes a link to 'libwrap', it's possible. |
| [root@dlp ~]#
ldd /usr/sbin/sshd | grep wrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f01b4e2a000)
# this service can be under TCP Wrapper control because it includes 'libwrap'
|
| [3] | Access control by TCP Wrapper is configured in '/etc/hosts.allow' and '/etc/hosts.deny'. The example below shows to set configuration which allows to access to sshd from 10.0.0.0/24. |
[root@dlp ~]#
vi /etc/hosts.deny
sshd: ALL
[root@dlp ~]#
vi /etc/hosts.allow
sshd: 10.0.0.
|
| [4] | For the case to allow the accesses to vsftpd from 'host.example.domain'. |
[root@dlp ~]#
vi /etc/hosts.deny
vsftpd: ALL
[root@dlp ~]#
vi /etc/hosts.allow
vsftpd: host.example.domain
|
| [5] | For the case to allow accesses to all services that can be under TCP Wrapper control only from 'example.domain' and '10.0.1.0/24'. |
[root@dlp ~]#
vi /etc/hosts.deny
ALL: ALL
[root@dlp ~]#
vi /etc/hosts.allow
ALL: .example.domain 10.0.1.
|
Nenhum comentário:
Postar um comentário