Recipe 3.9 Restricting Access by Remote Hosts (xinetd with libwrap)

Previous page
Table of content
Next page

3.9.1 Problem

You want only particular remote hosts to access a TCP service via xinetd , when xinetd was compiled with libwrap support.

3.9.2 Solution

Control access via /etc/hosts.allow and /etc/hosts.deny. For example, to permit Telnet connections only from 192.168.1.100 and hosts in the example.com domain, add this to /etc/hosts.allow:

in.telnetd : 192.168.1.100 in.telnetd : *.example.com in.telnetd : ALL : DENY

Then reset xinetd so your changes take effect. [Recipe 3.3]

3.9.3 Discussion

If you want to consolidate your access control in /etc/hosts.allow and /etc/hosts.deny, rather than use xinetd-specific methods [Recipe 3.8], or if you prefer the hosts.allow syntax and capabilities, this technique might be for you. These files support a rich syntax for specifying hosts and networks that may, or may not, connect to your system via specific services.

This works only if xinetd was compiled with libwrap support enabled. To detect this, look at the output of:

$ strings /usr/sbin/xinetd | grep libwrap libwrap refused connection to %s from %s %s started with libwrap options compiled in.

If you see printf-style format strings like the above, your xinetd has libwrap support.

3.9.4 See Also

xinetd(8), hosts.allow(5).

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
FileMaker Pro 8: The Missing Manual
The Complete Cisco VPN Configuration Guide
Visual C# 2005 How to Program (2nd Edition)
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy