TCP WRAPPER Services

Services that are linked against the libwrap library can use hosts.deny to control access. To check whether a service is linked against libwrap:
ldd  /usr/sbin/vsftpd    |grep libwrap
ldd  /usr/sbin/sendmail  |grep libwrap
ldd  /usr/sbin/sshd      |grep libwrap

To restrict a host or network from accessing a service:

1.  Using Hostname/Domainname
vim /etc/hosts.deny
vsftpd: .example.com                     ->All hosts in the example.com domain are denied access to ftp
vsftpd: server.example.com               ->Host server in example.com is denied access

2.  Using IP address/Network
vim /etc/hosts.deny
vsftpd: 192.168.1.0/255.255.255.0        ->All hosts in the 192.168.1.0 network are denied.
vsftpd: 192.168.1.4                      ->Host 192.168.1.4 is denied.

3.  To deny all except a few
vim /etc/hosts.deny
sshd: ALL EXCEPT .matrix.com             ->Any host outside the matrix.com domain is denied access to ssh.

4. To  Allow all Except few
vim /etc/hosts.allow
ALL:  .example.com  EXCEPT  cracker.example.com  ->All example.com hosts are allowed to connect to all services except cracker.example.com.

Both kinds of entry, allow and deny, can be given in either the hosts.allow or the hosts.deny file.
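
To check what a rule set will actually do before relying on it, the sketch below evaluates rules modelled on the entries above. It is an added example, not part of the original notes and not the libwrap code; the function names are hypothetical. It handles only the pattern forms used on this page and follows the lookup order documented in hosts_access(5): hosts.allow first, then hosts.deny, otherwise access is granted.

```python
import ipaddress

def match_client(pattern, host, ip):
    """Match one client pattern against a (hostname, IP address) pair."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .example.com
        return host.lower().endswith(pattern.lower())
    if "/" in pattern:               # net/mask, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern.lower() == host.lower() or pattern == ip

def match_list(tokens, matcher):
    """'a b EXCEPT c d' matches when the left list matches and the right does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], matcher) and not match_list(tokens[i + 1:], matcher)
    return any(matcher(t) for t in tokens)

def rule_matches(line, daemon, host, ip):
    """Evaluate one 'daemon_list : client_list' line (IPv6 literals not handled)."""
    daemons, clients = [f.replace(",", " ").split() for f in line.split(":")[:2]]
    return (match_list(daemons, lambda d: d in ("ALL", daemon))
            and match_list(clients, lambda c: match_client(c, host, ip)))

def access_granted(allow, deny, daemon, host, ip):
    """hosts.allow is checked first, then hosts.deny; no match at all means granted."""
    if any(rule_matches(r, daemon, host, ip) for r in allow):
        return True
    return not any(rule_matches(r, daemon, host, ip) for r in deny)

# Constructed rule sets, modelled on the entries above.
HOSTS_ALLOW = ["ALL: .example.com EXCEPT cracker.example.com"]
HOSTS_DENY = ["vsftpd: 192.168.1.0/255.255.255.0", "sshd: ALL EXCEPT .matrix.com"]

if __name__ == "__main__":
    # Constructed clients: (daemon, hostname, IP address)
    for client in [("sshd", "cracker.example.com", "10.0.0.6"),
                   ("vsftpd", "pc.other.org", "192.168.1.4"),
                   ("vsftpd", "web.example.com", "192.168.1.4")]:
        print(client, "granted" if access_granted(HOSTS_ALLOW, HOSTS_DENY, *client) else "denied")
```

The last client is granted even though its address falls in the denied network, because the hosts.allow match is found first and hosts.deny is never consulted.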
