search

Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Guida di Installazione Pagina 31

  • Scaricare
  • Aggiungi ai miei manuali
  • Stampa
  • Pagina
    / 82
  • Indice
  • SEGNALIBRI
    • Valutato. / 5. Basato su recensioni clienti
Vedere la pagina 30
to only our sshd daemon from any host associated with .myworkplace.com. Note the leading "." in this
example. And then also, the single host hostess.mymomshouse.com. In summary, localhost and all our
LAN connections have access to any and all tcpwrappered services on bigcat. But only our workplace
addresses, and our mother can use sshd on bigcat from outside connections. Everybody else is denied by the
default policy in /etc/hosts.deny.
The types of wild cards above (.myworkplace.com and 192.168.1.) are not supported by
ipchains and iptables, or most other Linux applications for that matter. Also, tcpwrappers can use hostnames
in place of IP addresses which is quite handy in some situations. This does not work with ipchains and
iptables.
You can test your tcpwrappers configuration with the included tcpdchk utility (see the man page). Note that
at this time this does not work with xinetd, and may not even be included in this case.
There is nothing wrong with using both tcpwrappers and a packet filtering firewall like ipchains. In fact, it is
recommended to use a "layered" approach. This helps guard against accidental misconfigurations. In this
case, each connection will be tested by the packet filter rules first, then tcpwrappers.
Remember to make backup copies before editing system configuration files, restart the daemon afterward,
and then check the logs for error messages.
5.3.1. xinetd
As mentioned, xinetd is an enhanced inetd , and replaces inetd as of Red Hat 7.0. It has much of the same
functionality, with some notable enhancements. One is that tcpwrappers support be is compiled in,
eliminating the need for explicit references to tcpd. Which means /etc/hosts.allow and
/etc/hosts.deny are automatically in effect.
Some of xinetd's other enhancements: specify IP address to listen on, which is a very effective method of
access control; limit the rate of incoming connections and the total number of simultaneous connections; limit
services to specific times of day. See the xinetd and xinetd.conf man pages for more details.
The syntax is quite different though. An example from /etc/xinetd.d/tftp:
service tftp
{
socket_type = dgram
bind = 192.168.1.1
instances = 2
protocol = udp
wait = yes
user = nobody
only_from = 192.168.1.0
server = /usr/sbin/in.tftpd
server_args = /tftpboot
disable = no
}
Notice the bind statement. We are only listening on, or "binding" to, the private, LAN interface here. No
outside connections can be made since the outside port is not even opened. We are also only accepting
Security Quick−Start HOWTO for Red Hat Linux
5.3.1. xinetd 28
Vedere la pagina 30
1 2 ... 26 27 28 29 30 31 32 33 34 35 36 ... 81 82

Commenti su questo manuale

Nessun commento
  • Hamilton Sundstrand Company Casablanca Lava Heat AMX Soundking
  • Kenwood Tastierini numerici Dialogic Server Fisher Cuffie Rotel Amplificatore per strumenti musicali INSTEON no
  • Philips 226V3LAB5/01 Asus M20 Adesso AKB-310UB Summit FFRF3075W Bt A6
  • LG SK1 Manuale Utente HP EliteBook Folio 9480m Notebook PC Manuale Utente Moxi BMC9012 Manuale Utente Epson Stylus PRO 4880 Manuale Utente AEG L60260SL Manuale Utente