Anyone using this to tighten the security on the service console? Any potential issues with this approach?
Hello,
Absolutely I do. Also, some things are not covered by hosts.allow/hosts.deny. Discreet modification of the iptables rules is required.
Best regards,
Edward
So you basically do a deny all and just allow particular hosts into ssh and VC to access the vmware daemon?
Well, vmware daemon is not covered by hosts.allow, but yes on ssh, https, http, etc.
Best regards,
Edward
Do any of you guys have any documentation on the tcpwrappers?
Here is a link from Red Hat with some info:
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-tcpwrappers-access.html
Hello,
You should look at the following for tcp_wrappers.
For hosts.allow/hosts.deny:
man hosts_access
Generally you have rules in hosts.allow to open up things for specific ports from specific hosts/networks. And in hosts.deny the line: ALL: ALL
For xinetd only_from line, which contains a list of allowed networks/systems:
man xinetd.conf
Best regards,
Edward
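
The evaluation order that hosts_access describes (hosts.allow is checked first, then hosts.deny, and access is granted if neither matches) can be sketched as follows. This is an added example, not part of the original thread; the rule files and addresses are constructed, and the matcher is a simplified IPv4-only model that handles only ALL, exact addresses, trailing-dot prefixes and net/mask patterns.

```python
import ipaddress

# Constructed sample policy: default deny, with sshd opened to one admin
# network and one jump host. All addresses are made up for illustration.
HOSTS_ALLOW = """
# daemon_list : client_list
sshd : 192.168.10.0/255.255.255.0
sshd : 10.0.5.25
"""
HOSTS_DENY = """
ALL : ALL
"""

def parse(text):
    """Return [(daemons, clients)] from hosts.allow/hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        # Lists may be separated by blanks and/or commas; options are ignored.
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                  # "192.168.10." style prefix
        return ip.startswith(pattern)
    if "/" in pattern:                         # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return pattern == ip

def matches(rules, daemon, ip):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in rules
    )

def allowed(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Allow file first, then deny file; no match in either grants access."""
    if matches(parse(allow), daemon, ip):
        return True
    if matches(parse(deny), daemon, ip):
        return False
    return True
```

With an empty hosts.deny the last branch grants access to everyone, which is why the ALL: ALL line matters. The model only describes services that actually consult these files; as noted earlier in the thread, the vmware daemon does not, so it has to be restricted with iptables.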