9 TCP Wrappers and xinetd
Controlling access to network services can be a challenge. Firewalls are useful for controlling access
in and out of a particular network, but they can be difficult to configure. TCP wrappers and xinetd
control access to services by hostname and IP address. These tools also include logging
and utilization management capabilities that are easy to configure.
9.1 Purpose of TCP Wrappers
Many modern network services, such as SSH, Telnet, and FTP, make use of TCP wrappers, a program
that is designed to stand between an incoming request and the requested service. TCP wrappers is
installed by default with a server-class installation of Red Hat Linux, providing many advantages over
running a variety of different services, each with its own access control methods.
The idea behind TCP wrappers is that, rather than allowing an incoming client connection to
communicate directly with a network service daemon running as a separate process on a server system, the
target of the request is "wrapped" by another program, allowing a greater degree of access control and
logging of who is attempting to use the service.
The functionality behind TCP wrappers is provided by libwrap.a, a library that network services,
such as xinetd, sshd, and portmap, are compiled against. Additional network services, even
networking programs you may write, can be compiled against libwrap.a to provide this functionality.
Red Hat Linux bundles the necessary TCP wrapper programs and library in the
tcp_wrappers-<version> RPM file.
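Because only services built against the library honor the wrapper's access rules, it is worth confirming which daemons actually are. The following is an added example, not part of the Red Hat manual: it searches a binary for a reference to the libwrap shared library or, for a static link against libwrap.a, for the name of the library's hosts_access() function. The function names and the --audit switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the manual). Classifies how a binary references
# libwrap by searching the file for two byte strings; it never runs the binary.

libwrap_linkage() {
    bin=$1
    if [ ! -r "$bin" ]; then
        echo unreadable
        return 2
    fi
    # A dynamically linked binary names the shared library it needs.
    if LC_ALL=C grep -q -e 'libwrap\.so' "$bin"; then
        echo dynamic
        return 0
    fi
    # A binary linked against libwrap.a carries the entry-point symbol name
    # unless it has been stripped.
    if LC_ALL=C grep -q -e 'hosts_access' "$bin"; then
        echo static
        return 0
    fi
    # Heuristic: a stripped static binary can land here and still be wrapped.
    echo none
    return 1
}

# Print one "path: result" line per daemon; return non-zero if any daemon is
# unreadable or shows no libwrap reference.
audit_daemons() {
    rc=0
    for d in "$@"; do
        result=$(libwrap_linkage "$d") || rc=1
        printf '%s: %s\n' "$d" "$result"
    done
    return $rc
}

# Hypothetical switch: pass --audit followed by the daemon paths to check.
if [ "${1:-}" = "--audit" ]; then
    shift
    audit_daemons "$@"
fi
```

A daemon reported as "none" should not be assumed to be covered by the shared TCP wrappers configuration files until its linkage has been confirmed another way.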
9.1.1 TCP Wrapper Advantages
When someone attempts to access a network service using TCP wrappers, a small wrapper program
reports the name of the service requested and the client's host information. The wrapper program
does not directly send any information back to the client, and after the access control directives are
satisfied, the wrapper gets out of the way, not placing any additional overhead on the communication
between the client and server.
TCP wrappers provide two basic advantages over other network service control techniques:
• The connecting client is unaware that TCP wrappers are in use. Legitimate users will not
  notice anything different, and attackers never receive any additional information about why their
  attempted connections failed.
• TCP wrappers operate in a manner that is separate from the applications the wrapper program
  protects. This allows many applications to share a common set of configuration files for simpler
  management.