Recipe 3.11 Restricting Access by Remote Hosts (inetd)

3.11.1 Problem

You want only particular remote hosts to access a TCP service via inetd.

3.11.2 Solution

Use tcpd, specifying rules in /etc/hosts.allow and/or /etc/hosts.deny. Here's an example of wrapping the Telnet daemon, in.telnetd, to permit connections only from IP address 192.168.1.100 or hosts in the example.com domain, and to refuse everyone else. Add to /etc/hosts.allow:

in.telnetd : 192.168.1.100
in.telnetd : *.example.com
in.telnetd : ALL : DENY

Then modify the appropriate configuration files to substitute tcpd for your service, and restart inetd.

3.11.3 Discussion

The control files /etc/hosts.allow and /etc/hosts.deny define rules by which remote hosts may access local TCP services. tcpd is not a long-running daemon of its own: inetd runs it in place of the real server for each incoming connection, tcpd evaluates the rules against the client's address and hostname, and then either execs the real server or exits without serving the connection. The order of evaluation matters: /etc/hosts.allow is searched first, then /etc/hosts.deny, the first matching rule wins, and a connection that matches no rule in either file is permitted. That default is why the Solution ends with an in.telnetd : ALL : DENY line in hosts.allow (the DENY option requires tcpd built with hosts_options support, which Linux distributions normally provide); without it, or without an ALL : ALL line in /etc/hosts.deny, a telnet connection from any host not listed would still be accepted. Hostname patterns such as *.example.com depend on DNS: tcpd looks up the PTR record for the client address and trusts the resulting name only if a forward lookup of that name returns the client address, so a client whose reverse DNS is missing or inconsistent will not match a hostname rule. The same two files are also consulted by servers linked against libwrap (sshd is a common example) even when they are not started through tcpd.

First set up your access control rules in /etc/hosts.allow and/or /etc/hosts.deny. Then modify /etc/inetd.conf to invoke the service through tcpd:

Old /etc/inetd.conf:

telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd

New /etc/inetd.conf:

telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.telnetd

Finally restart inetd so your changes take effect. [Recipe 3.4] You can check how tcpd will treat a given client without actually connecting by running tcpdmatch in.telnetd 192.168.1.100 (or tcpdmatch in.telnetd host.example.com), which reports the matching rule and the resulting decision.
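To make the order of evaluation concrete, here is a small model of the decision tcpd makes, fed with the three hosts.allow rules from the Solution. This is an added example, not code from the Linux Security Cookbook or from the tcp_wrappers package; it follows the rules of hosts_access(5) (hosts.allow first, then hosts.deny, first match wins, no match means allow) and replaces DNS lookups with fields on a constructed Client object so it runs offline. The client addresses and hostnames are constructed for illustration.

```python
"""Model of the decision tcpd makes from hosts.allow and hosts.deny.

Added example: constructed illustration code, not code from the
Linux Security Cookbook or from tcp_wrappers.  It follows the order of
evaluation documented in hosts_access(5) and stands in for the real DNS
checks with fields on the Client object so that it runs offline.
"""
import fnmatch
import ipaddress
from dataclasses import dataclass

# The rules from this recipe, as hosts.allow would contain them.
HOSTS_ALLOW = """\
in.telnetd : 192.168.1.100
in.telnetd : *.example.com
in.telnetd : ALL : DENY
"""
# Constructed: an empty hosts.deny, as on a fresh install.
HOSTS_DENY = ""


@dataclass(frozen=True)
class Client:
    """A connecting host as tcpd sees it after its DNS checks (constructed)."""
    ip: str
    reverse_name: str = ""      # name returned by the PTR lookup of ip
    forward_ips: tuple = ()     # addresses returned by looking that name up

    @property
    def name(self):
        """tcpd trusts a hostname only if its forward lookup includes the
        client address; otherwise the name is treated as unknown."""
        if self.reverse_name and self.ip in self.forward_ips:
            return self.reverse_name.lower()
        return ""


def parse_rules(text):
    """Yield (line_no, daemon_list, client_list, option) per rule line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        option = fields[2].upper() if len(fields) > 2 else ""
        yield line_no, fields[0].split(), fields[1].split(), option


def match_token(pattern, client):
    """Match one client_list token the way hosts_access(5) describes."""
    p = pattern.lower()
    if p == "all":
        return True
    if p == "local":                            # name without a dot
        return bool(client.name) and "." not in client.name
    if p == "known":
        return bool(client.name)
    if p == "unknown":
        return not client.name
    if p == "paranoid":                         # reverse/forward mismatch
        return bool(client.reverse_name) and not client.name
    if p.startswith("."):                       # domain suffix
        return client.name.endswith(p)
    if p.endswith("."):                         # address prefix
        return client.ip.startswith(p)
    if "/" in p:                                # net/mask
        return ipaddress.ip_address(client.ip) in ipaddress.ip_network(p, strict=False)
    if "*" in p or "?" in p:                    # shell-style wildcard
        return fnmatch.fnmatchcase(client.name, p) or fnmatch.fnmatchcase(client.ip, p)
    return p == client.ip or p == client.name   # literal address or name


def match_daemons(tokens, daemon):
    """Match a daemon_list (names or ALL), honouring EXCEPT."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_daemons(tokens[:i], daemon) and not match_daemons(tokens[i + 1:], daemon)
    return any(t == daemon or t.upper() == "ALL" for t in tokens)


def match_clients(tokens, client):
    """Match a client_list, honouring EXCEPT."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_clients(tokens[:i], client) and not match_clients(tokens[i + 1:], client)
    return any(match_token(t, client) for t in tokens)


def decide(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return (allowed, reason): hosts.allow first, then hosts.deny,
    first match wins, and a pair that matches nothing is allowed."""
    for fname, text, default in (("hosts.allow", allow_text, True),
                                 ("hosts.deny", deny_text, False)):
        for line_no, daemons, clients, option in parse_rules(text):
            if match_daemons(daemons, daemon) and match_clients(clients, client):
                # hosts_options(5): an explicit ALLOW/DENY overrides the file's verdict.
                verdict = {"ALLOW": True, "DENY": False}.get(option, default)
                return verdict, f"{fname} line {line_no}"
    return True, "no rule matched (default allow)"


if __name__ == "__main__":
    cases = [("in.telnetd", Client("192.168.1.100")),
             ("in.telnetd", Client("203.0.113.7", "mail.example.com", ("203.0.113.7",))),
             ("in.telnetd", Client("203.0.113.8", "mail.example.com", ("198.51.100.1",))),
             ("in.telnetd", Client("10.0.0.5")),
             ("in.ftpd", Client("10.0.0.5"))]
    for daemon, client in cases:
        allowed, why = decide(daemon, client)
        print(f"{daemon:11} {client.ip:14} {'allow' if allowed else 'deny':5}  {why}")
```

Two of the cases are worth noticing. The host whose reverse name is mail.example.com but whose forward lookup does not return its address is refused by the ALL : DENY line rather than admitted by the *.example.com line, which is the check tcpd performs before trusting a name. And in.ftpd from 10.0.0.5 is allowed, because the DENY line covers in.telnetd only and nothing in the (empty) hosts.deny matches; passing deny_text="ALL : ALL" to decide() shows the effect of the usual catch-all in /etc/hosts.deny.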

3.11.4 See Also

hosts.allow(5), hosts_access(5), hosts_options(5), tcpd(8), tcpdmatch(8), inetd.conf(5).



Linux Security Cookbook
ISBN: 0596003919
Year: 2006
Pages: 247
