Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 83846 - RFE: prefer TCP wrapper for denying access
Summary: RFE: prefer TCP wrapper for denying access
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rhl-rg
Version: 9
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Johnray Fuller
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-02-09 19:43 UTC by Michael Redinger
Modified: 2007-04-18 16:50 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-06-30 19:42:17 UTC


Attachments (Terms of Use)

Description Michael Redinger 2003-02-09 19:43:05 UTC
Red Hat Linux Reference Guide 8.0.93
Page 112f (9.4.3.2. Access Control Options)
Add a note that it's almost always better to not use control options
in xinetd but rely on hosts.(allow|deny) instead.
In hosts.deny you can block everything with ALL: ALL and then allow
the required services in hosts.allow.
If you use only_from or no_access in the xinetd configuration files, you
miss those programs that are not started using xinetd but are also using
TCP wrappers. Mixing both is obviousely a bad idea, so use
hosts.(allow|deny) instead.

Comment 1 Johnray Fuller 2003-02-12 07:49:37 UTC
There is talk of changing TCP wrappers infrastructure, so I did not "go there." 

I will leave this as an RFE for next round.

Thanks again.

Johnray

Comment 2 Johnray Fuller 2003-06-30 19:42:17 UTC
I have added this information to the most recent version.

This chapter will be on the Docs Beta CD and in the final product.

J


Note You need to log in before you can comment on or make changes to this bug.