Chapter 17. TCP Wrappers and ...
domain, execute the echo command to log the attempt, including the client hostname (by using the %h expansion), to a special file:

sshd : .example.com \
 : spawn /bin/echo `/bin/date` access denied to %h>>/var/log/sshd.log \
 : deny

Similarly, expansions can be used to personalize messages back to the client. In the following example, clients attempting to access FTP services from the example.com domain are informed that they have been banned from the server:

vsftpd : .example.com \
 : twist /bin/echo "421 %h has been banned from this server!"

For a full explanation of available expansions, as well as additional access control options, refer to section 5 of the man pages for hosts_access (man 5 hosts_access) and the man page for hosts_options.

For additional information about TCP wrappers, refer to Section 5, "Additional Resources". For more information about how to secure TCP wrappers, refer to the chapter titled Server Security in the Red Hat Enterprise Linux Security Guide.
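
The spawn and twist rules shown earlier in this section, traced through a small Python model of how their option fields are split and how %h is expanded. This is an added example, not part of the Red Hat manual or the TCP wrappers code; the function names, the sample client hostnames, and the exact set of characters treated as shell-safe are assumptions, while the underscore replacement itself is the behaviour hosts_access(5) documents.

```python
import re
# Constructed sample: the two rules from the text, as laid out in /etc/hosts.allow.
RULES = r"""
sshd : .example.com \
 : spawn /bin/echo `/bin/date` access denied to %h>>/var/log/sshd.log \
 : deny
vsftpd : .example.com \
 : twist /bin/echo "421 %h has been banned from this server!"
"""

# hosts_access(5): characters in % expansions that may confuse the shell are
# replaced by underscores. The exact safe set below is an assumption.
UNSAFE = re.compile(r"[^A-Za-z0-9@_=+:,./-]")

def load_rules(text):
    """Join backslash-continued lines, then split each rule on unescaped ':'."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    return [[f.strip() for f in re.split(r"(?<!\\):", ln)]
            for ln in joined.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]

def client_matches(pattern, host):
    """ALL, an exact name, or a leading-dot domain suffix such as .example.com."""
    return pattern in ("ALL", host) or (pattern.startswith(".") and host.endswith(pattern))

def expand(command, ctx):
    """Expand %h, %d, ... from ctx, sanitised; %% becomes a literal percent."""
    def repl(m):
        key = m.group(1)
        return "%" if key == "%" else UNSAFE.sub("_", ctx[key]) if key in ctx else m.group(0)
    return re.sub(r"%(.)", repl, command)

def evaluate(text, daemon, host):
    """Return the first matching rule's outcome, or None if no rule matches."""
    ctx = {"h": host, "d": daemon}
    for daemons, clients, *options in load_rules(text):
        if daemon not in re.split(r"[,\s]+", daemons) or not any(
                client_matches(p, host) for p in re.split(r"[,\s]+", clients)):
            continue
        result = {"verdict": "allow", "spawn": [], "twist": None}
        for opt in options:
            word, _, arg = opt.partition(" ")
            if word == "spawn":      # runs in a child process; rule processing continues
                result["spawn"].append(expand(arg.strip(), ctx))
            elif word == "twist":    # the command replaces the requested service
                result["verdict"], result["twist"] = "twist", expand(arg.strip(), ctx)
            elif word in ("allow", "deny"):
                result["verdict"] = word
        return result
    return None
```

The model only computes the command strings a rule would produce; it never executes them, so it can be used to review a rule set before it is installed.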
3. xinetd

The xinetd daemon is a TCP wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.

When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules. If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allotted amount of resources or is in breach of any defined rules. It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.

4. xinetd Configuration Files

The configuration files for xinetd are as follows:

• /etc/xinetd.conf — The global xinetd configuration file.
• /etc/xinetd.d/ — The directory containing all service-specific files.

4.1. The /etc/xinetd.conf File