Access Control by TCP Wrapper2010/05/05 |
This is the example for Access Control by TCP Wrapper.
|
|
[1] | TCP Wrapper is installed by default on many environment, but if it's not installed on your server, Install first. |
[root@rx7 ~]# yum -y install tcp_wrappers
|
[2] | Make sure if a service can be under the TCP Wrapper control or not with following command. If it includes a link to 'libwrap', it's possible. |
[root@rx7 ~]# ldd /usr/sbin/sshd | grep wrap libwrap.so.0 => /lib64/libwrap.so.0 (0x00002b3ff55bd000) # this service can be under TCP Wrapper control because it includes 'libwrap'
|
[3] | Access control by TCP Wrapper is done with '/etc/hosts.allow' and '/etc/hosts.deny'. the example below shows to set access control which allow to access from 192.168.0.0/24. |
[root@rx7 ~]# vi /etc/hosts.deny sshd: ALL [root@rx7 ~]# vi /etc/hosts.allow sshd: 192.168.0.
|
[4] | The case to allow the access to vsftpd from 'host.example.com' |
[root@rx7 ~]# vi /etc/hosts.deny vsftpd: ALL [root@rx7 ~]# vi /etc/hosts.allow vsftpd: host.example.com
|
[5] | Allow access to all services that can be under TCP Wrapper control from 'example.com' and '192.168.1.0/24' |
[root@rx7 ~]# vi /etc/hosts.deny ALL: ALL [root@rx7 ~]# vi /etc/hosts.allow ALL: .example.com 192.168.1.
|
|