LPI Linux Certification/TCP wrappers
Detailed Objective
[edit | edit source]Weight: 1
Description:
Candidates should be able to configure tcpwrappers to allow connections to specified servers only from certain hosts or subnets.
- Key knowledge area(s):
- tcpwrappers configuration files, tools and utilities
- (x)inetd configuration files, tools and utilities
- The following is a partial list of the used files, terms and utilities:
- /etc/xinetd.conf
- /etc/xinetd.d/*
- /etc/inetd.conf
- tcpd
- /etc/hosts.allow
- /etc/hosts.deny
TCP_wrappers
[edit | edit source]Overview
[edit | edit source]Description: The candidate should be able to configure tcpwrappers to allow connections to specified servers from only certain hosts or subnets.
Key files, terms, and utilities include:
inetd.conf, tcpd hosts.allow, hosts.deny xinetd
TCP_wrappers
[edit | edit source]The TCP wrapper is a system to control access to network services For each service protected by TCP wrappers, the tcpd program is used and consults 2 files where access rights are defined, in search order :
/etc/hosts.deny: if a rule here is met, access is denied /etc/hosts.allow: if a rule here is met, access is allowed
Rules are constructed to match all services or specific services. If no match occurs in the two files, access is granted.
It is common to set specific rules in /etc/hosts.allow, and provide a blanket denial in /etc/hosts.deny (i.e deny everything except when specifically allowed) Rules format are :
[list of services] : [list of hosts]
i.e : deny all incoming requests except FTP from the local domain
/etc/hosts.allow : ftp : LOCAL
/etc/hosts.deny : ALL : ALL
Exercises
[edit | edit source]