Tuesday, March 28, 2017

Unix - Intro to TCP Wrappers

Intro to TCP Wrappers

TCP Wrappers is a security mechanism that protects some services using the /etc/hosts.allow and /etc/hosts.deny files.
- TCP Wrappers is installed by default.
- The entries in both files are read from top to bottom, and the first matching rule is applied.
- Once the first rule is matched, all other rules are ignored. hosts.allow is read first, then hosts.deny.
- If there is no matching rule, then access is granted.
- You don't have to restart any services. Once you make changes to the files, the rules apply immediately.
- Mainly services running under xinetd are protected by TCP Wrappers.
- To be protected, the service must be compiled against the libwrap library (libwrap.a or libwrap.so.0).
- You can check whether a service can be managed through TCP Wrappers as follows:
  # ldd `which "service-name"` | grep libwrap
  # ldd `which sshd` | grep libwrap
- If the command prints a libwrap line, the service can be configured to work through TCP Wrappers.
- Some services, such as sendmail, vsftpd and sshd (but not httpd), are managed through the wrapper.
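To make the first-match order above concrete, here is an added Python model (not code from the post; it implements only a subset of the real hosts_access(5) syntax: ALL, a trailing-dot IPv4 prefix, CIDR, exact address, no EXCEPT and no hostnames) that evaluates constructed hosts.allow and hosts.deny contents the way the bullets describe:

```python
import ipaddress

# Constructed sample files (not from the post): ssh allowed only from the LAN,
# ftp only from one subnet, and one remote prefix refused for every service.
HOSTS_ALLOW = """\
sshd: 192.168.1.
vsftpd: 10.0.0.0/24
"""
HOSTS_DENY = """\
sshd: ALL
ALL: 203.0.113.
"""

def _parse(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        daemons, clients = (f.strip() for f in line.split(":")[:2])
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules

def _client_match(pattern, addr):
    """Assumed subset of hosts_access(5) client patterns."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                             # CIDR, e.g. 10.0.0.0/24
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                      # prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern == addr                         # exact address

def _rule_match(rule, daemon, addr):
    daemons, clients = rule
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(_client_match(c, addr) for c in clients))

def hosts_access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """True if the connection is granted: hosts.allow first, then hosts.deny."""
    for rule in _parse(allow):
        if _rule_match(rule, daemon, addr):
            return True            # first match in hosts.allow: stop, allow
    for rule in _parse(deny):
        if _rule_match(rule, daemon, addr):
            return False           # first match in hosts.deny: stop, deny
    return True                    # nothing matched: access is granted
```

Note that sendmail from 198.51.100.1 is allowed even though no rule mentions it, which is the default-allow behaviour the post describes; a site that wants default-deny must add an explicit `ALL: ALL` line at the end of hosts.deny.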

Check which package owns the /etc/hosts.allow file:
# rpm -qf /etc/hosts.allow

This returns setup-2...., so the file is part of the setup package.

Display information about the package:
# rpm -qi setup

Get help about the files:
# man -k hosts.{allow,deny}
