Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual page 681


• <option> — An optional action or colon-separated list of actions performed when the rule is
triggered. Option fields support expansions, launch shell commands, allow or deny access, and alter
logging behavior.
Note
More information on the specialist terms above can be found elsewhere in this Guide:
Section 43.5.2.1.1, "Wildcards"
Section 43.5.2.1.2, "Patterns"
Section 43.5.2.2.4, "Expansions"
Section 43.5.2.2, "Option Fields"
The following is a basic sample hosts access rule:
vsftpd : .example.com
This rule instructs TCP Wrappers to watch for connections to the FTP daemon (vsftpd) from any
host in the example.com domain. If this rule appears in hosts.allow, the connection is accepted. If
this rule appears in hosts.deny, the connection is rejected.
The next sample hosts access rule is more complex and uses two option fields:
sshd : .example.com \
 : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \
 : deny
Note that each option field is preceded by the backslash (\). Use of the backslash prevents failure of
the rule due to length.
This sample rule states that if a connection to the SSH daemon (sshd) is attempted from a host in the
example.com domain, execute the echo command to append the attempt to a special log file, and
deny the connection. Because the optional deny directive is used, this line denies access even if it
appears in the hosts.allow file. Refer to Section 43.5.2.2, "Option Fields" for a more detailed look at
available options.
43.5.2.1.1. Wildcards
Wildcards allow TCP Wrappers to more easily match groups of daemons or hosts. They are used
most frequently in the client list field of access rules.
The following wildcards are available:
• ALL — Matches everything. It can be used for both the daemon list and the client list.
• LOCAL — Matches any host that does not contain a period (.), such as localhost.
• KNOWN — Matches any host where the hostname and host address are known or where the user is
known.
• UNKNOWN — Matches any host where the hostname or host address are unknown or where the user
is unknown.
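To make the rule syntax and wildcards above concrete, here is an added example (not from the guide or from the TCP Wrappers library) of a small Python evaluator: it joins backslash-continued lines, splits each rule into its daemon list, client list and option fields, and applies the hosts.allow-then-hosts.deny lookup order with the deny option override. The sample files are constructed, and the KNOWN and UNKNOWN wildcards, which require name lookups, are left out.

```python
import re

# Constructed sample files in hosts_access(5) syntax (not the guide's own
# files); the sshd rule uses the backslash continuation the guide describes.
HOSTS_ALLOW = r"""
vsftpd : .example.com
sshd : .example.com \
    : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \
    : deny
"""
HOSTS_DENY = "ALL : ALL\n"

def parse_rules(text):
    # Join backslash-continued lines, then split each rule into daemon list,
    # client list and option fields (a ':' inside an option is not handled).
    rules = []
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        rules.append((fields[0].split(), fields[1].split(), fields[2:]))
    return rules

def host_matches(pattern, hostname):
    # Client patterns from the guide: ALL, LOCAL, a leading-dot domain
    # suffix, or an exact hostname. KNOWN/UNKNOWN need lookups; omitted.
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in hostname
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    return pattern == hostname

def rule_matches(rule, daemon, hostname):
    daemons, clients, _ = rule
    return (daemon in daemons or "ALL" in daemons) and \
        any(host_matches(p, hostname) for p in clients)

def decide(daemon, hostname, allow_rules, deny_rules):
    # TCP Wrappers order: hosts.allow first, then hosts.deny; no match grants
    # access. An explicit allow/deny option overrides the file's default.
    for default, rules in (("allow", allow_rules), ("deny", deny_rules)):
        for rule in rules:
            if rule_matches(rule, daemon, hostname):
                if "deny" in rule[2]:
                    return "deny"
                return "allow" if "allow" in rule[2] else default
    return "allow"
```

Spawn commands are only carried as option text here; the evaluator decides access and leaves running them to the caller.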
