Tcp Wrappers - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

Chapter 43. Securing Your Network
network service is the xinetd super server. This service is called a super server because it controls
connections to a subset of network services and further refines access control.
Figure 43.9, "Access Control to Network Services" is a basic illustration of how these tools work together to protect network services.
Figure 43.9. Access Control to Network Services
This chapter focuses on the role of TCP Wrappers and xinetd in controlling access to network
services and reviews how these tools can be used to enhance both logging and utilization
management. Refer to Section 43.9, "IPTables" for information about using firewalls with iptables.

43.5.1. TCP Wrappers

The TCP Wrappers package (tcp_wrappers) is installed by default and provides host-based access
control to network services. The most important component within the package is the
/usr/lib/libwrap.a library. In general terms, a TCP-wrapped service is one that has been compiled
against the libwrap.a library.

When a connection attempt is made to a TCP-wrapped service, the service first references the host's
access files (/etc/hosts.allow and /etc/hosts.deny) to determine whether or not the client is
allowed to connect. In most cases, it then uses the syslog daemon (syslogd) to write the name of the
requesting client and the requested service to /var/log/secure or /var/log/messages.
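
The access-file lookup described above, as an added example (not code from the manual or from libwrap): a simplified Python model of how a connection is checked against the two files. The evaluation order follows hosts_access(5); the rules and addresses are constructed samples, the function names are hypothetical, and only `ALL`, address prefixes, domain suffixes and IPv4 net/mask patterns are modelled.

```python
import ipaddress

# Constructed sample rules (not from the manual), in access-file syntax.
HOSTS_ALLOW = """\
# daemon_list : client_list
sshd : 192.168.1. .example.com
vsftpd : 10.0.0.0/255.255.255.0
"""
HOSTS_DENY = "ALL : ALL\n"


def parse(text):
    """Return [(daemons, clients)] for each rule; '#' lines are comments."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules


def client_matches(pattern, ip, hostname):
    """Match one client pattern (subset of hosts_access(5), IPv4 only)."""
    host = (hostname or "").lower()
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .example.com
        return host.endswith(pattern.lower())
    if pattern.endswith("."):        # address prefix, e.g. 192.168.1.
        return ip.startswith(pattern)
    if "/" in pattern:               # net/mask, e.g. 10.0.0.0/255.255.255.0
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
        except ValueError:
            return False
    return pattern == ip or pattern.lower() == host


def decide(daemon, ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """First match in hosts.allow grants; otherwise first match in
    hosts.deny refuses; no match in either file grants access."""
    for verdict, text in (("allow", allow), ("deny", deny)):
        for daemons, clients in parse(text):
            if ("ALL" in daemons or daemon in daemons) and any(
                    client_matches(p, ip, hostname) for p in clients):
                return verdict
    return "allow"
```

With an empty hosts.deny, a client that matches nothing in hosts.allow is still granted access, which is why the sample deny file ends in a catch-all rule.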