Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual page 336

Chapter 17. TCP Wrappers and ...
<client list> — A comma separated list of hostnames, host IP addresses, special patterns (refer to Section 2.1.2, "Patterns"), or special wildcards (refer to Section 2.1.1, "Wildcards") which identify the hosts affected by the rule. The client list also accepts operators listed in Section 2.1.4, "Operators" to allow greater flexibility.

<option> — An optional action or colon separated list of actions performed when the rule is triggered. Option fields support expansions (refer to Section 2.2.4, "Expansions"), launch shell commands, allow or deny access, and alter logging behavior (refer to Section 2.2, "Option Fields").

The following is a basic sample hosts access rule:

vsftpd : .example.com

This rule instructs TCP wrappers to watch for connections to the FTP daemon (vsftpd) from any host in the example.com domain. If this rule appears in hosts.allow, the connection is accepted. If this rule appears in hosts.deny, the connection is rejected.

The next sample hosts access rule is more complex and uses two option fields:

sshd : .example.com \
: spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \
: deny

Note that each option field is preceded by the backslash (\). Use of the backslash prevents failure of the rule due to length.

This sample rule states that if a connection to the SSH daemon (sshd) is attempted from a host in the example.com domain, execute the echo command (which logs the attempt to a special file), and deny the connection. Because the optional deny directive is used, this line denies access even if it appears in the hosts.allow file. For a more detailed look at available options, refer to Section 2.2, "Option Fields".

2.1.1. Wildcards

Wildcards allow TCP wrappers to more easily match groups of daemons or hosts. They are used most frequently in the client list field of access rules.

The following wildcards may be used:

ALL — Matches everything. It can be used for both the daemon list and the client list.

LOCAL — Matches any host that does not contain a period (.), such as localhost.

KNOWN — Matches any host where the hostname and host address are known or where the user is known.
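
The following sketch is an added example, not code from the manual or from TCP wrappers itself. It models how the two sample rules above are parsed (including backslash continuation) and how the file a rule sits in and a trailing deny option decide the verdict. The function names parse_rules, client_matches and decide are hypothetical, and KNOWN is left out because it depends on name lookups.

```python
# Added illustration: a simplified model, not tcpd/libwrap; spawn is never run.

def parse_rules(text):
    """Join backslash-continued lines; split rules into (daemons, clients, options)."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Simplification: assumes no ':' characters inside an option field.
        fields = [f.strip() for f in line.split(":")]
        daemons = [d.strip() for d in fields[0].split(",")]
        clients = [c.strip() for c in fields[1].split(",")]
        rules.append((daemons, clients, fields[2:]))
    return rules

def client_matches(pattern, hostname):
    hostname = hostname.lower()
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":              # no period in the hostname
        return "." not in hostname
    if pattern.startswith("."):         # any host in that domain
        return hostname.endswith(pattern.lower())
    return pattern.lower() == hostname

def decide(rules, file_name, daemon, hostname):
    """Return 'allow', 'deny', or None if no rule in this file matches."""
    for daemons, clients, options in rules:
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if not any(client_matches(c, hostname) for c in clients):
            continue
        # The file sets the default verdict; an allow/deny option overrides it.
        verdict = "allow" if file_name == "hosts.allow" else "deny"
        for opt in options:
            if opt in ("allow", "deny"):
                verdict = opt
        return verdict
    return None

# The two sample rules from the text above.
BASIC = "vsftpd : .example.com\n"
COMPLEX = ("sshd : .example.com \\\n"
           " : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \\\n"
           " : deny\n")

if __name__ == "__main__":
    print(decide(parse_rules(COMPLEX), "hosts.allow", "sshd", "a.example.com"))
```

Note that the leading period in .example.com matters: a host named badexample.com does not match the pattern.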