Red Hat ENTERPRISE LINUX 3 Reference Manual page 260


242 Chapter 16. TCP Wrappers and xinetd

vsftpd : .example.com

This rule instructs TCP wrappers to watch for connections to the FTP daemon (vsftpd) from any host in the example.com domain. If this rule appears in hosts.allow, the connection is accepted. If this rule appears in hosts.deny, the connection is rejected.

The next sample hosts access rule is more complex and uses two option fields:

sshd : .example.com \
: spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \
: deny

Note that in this example each option field is preceded by the backslash (\). Use of the backslash prevents failure of the rule due to length.

This sample rule states that if a connection to the SSH daemon (sshd) is attempted from a host in the example.com domain, execute the echo command (which will log the attempt to a special file), and deny the connection. Because the optional deny directive is used, this line will deny access even if it appears in the hosts.allow file. For a more detailed look at available options, refer to Section 16.2.2 Option Fields.

16.2.1.1. Wildcards

Wildcards allow TCP wrappers to more easily match groups of daemons or hosts. They are used most frequently in the client list field of access rules.

The following wildcards may be used:

ALL — Matches everything. It can be used for both the daemon list and the client list.

LOCAL — Matches any host that does not contain a period (.), such as localhost.

KNOWN — Matches any host where the hostname and host address are known or where the user is known.

UNKNOWN — Matches any host where the hostname or host address are unknown or where the user is unknown.

PARANOID — Matches any host where the hostname does not match the host address.

Caution

The KNOWN, UNKNOWN, and PARANOID wildcards should be used with care as a disruption in name resolution may prevent legitimate users from gaining access to a service.

16.2.1.2. Patterns

Patterns can be used in the client list field of access rules to more precisely specify groups of client hosts.

The following is a list of the most common accepted patterns for a client list entry:

Hostname beginning with a period (.) — Placing a period at the beginning of a hostname matches all hosts sharing the listed components of the name. The following example applies to any host within the example.com domain:

ALL : .example.com
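An added example, not from the Red Hat manual: a simplified Python model of the rule syntax described on this page (backslash continuation, option fields, the wildcards and the leading-period pattern), showing how a deny option overrides the file a rule sits in and how a name-resolution failure changes which rules match. The function names, the name_matches_addr flag and the sample text are assumptions made for illustration; this is not the TCP wrappers library's own matching code.

```python
import re

# Constructed sample modelled on the page's two rules, as if read from hosts.allow.
SAMPLE = """\
sshd : .example.com \\
  : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \\
  : deny
vsftpd : .example.com
"""

def parse_rules(text):
    """Join backslash-continued lines, then split each rule into its fields."""
    rules = []
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        fields = [f.strip() for f in line.split(":")]
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue  # comment, blank line, or not a rule
        # Simplification: assumes no ':' inside an option's arguments.
        daemons, clients, *options = fields
        rules.append((re.split(r"[,\s]+", daemons), re.split(r"[,\s]+", clients), options))
    return rules

def client_matches(token, hostname, name_matches_addr=True):
    """Simplified model; hostname is None when name resolution failed."""
    if token == "ALL":
        return True
    if hostname is None:
        return token == "UNKNOWN"
    if token == "LOCAL":
        return "." not in hostname
    if token == "KNOWN":
        return True
    if token == "PARANOID":
        return not name_matches_addr
    if token.startswith("."):  # leading period: every host under that domain
        return hostname.lower().endswith(token.lower())
    return hostname.lower() == token.lower()

def decide(rule, source_file, daemon, hostname, name_matches_addr=True):
    """Return 'allow' or 'deny' for a matching rule, None if it does not apply."""
    daemons, clients, options = rule
    if not any(d in ("ALL", daemon) for d in daemons):
        return None
    if not any(client_matches(c, hostname, name_matches_addr) for c in clients):
        return None
    if "deny" in options:  # explicit deny wins even inside hosts.allow
        return "deny"
    return "allow" if source_file == "hosts.allow" else "deny"
```

Passing hostname=None models the name-resolution disruption the Caution warns about: the .example.com rules stop matching, so a legitimate client falls through to whatever rule comes next.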
