VMware Cloud Community
jurajfox
Enthusiast

using TCP wrappers and hosts.allow

Anyone using this to tighten the security on the service console? Any potential issues with this approach?

6 Replies
Texiwill
Leadership

Hello,

Absolutely I do. Also, some things are not covered by hosts.allow/hosts.deny. Discreet modification of the iptables rules is required.

Best regards,

Edward

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
jurajfox
Enthusiast

So you basically do a deny all and just allow particular hosts into ssh and VC to access the vmware daemon?

Texiwill
Leadership

Well, vmware daemon is not covered by hosts.allow, but yes on ssh, https, http, etc.

Best regards,

Edward

stevewalker
Contributor

Do any of you guys have any documentation on tcp_wrappers?

petedr
Virtuoso

Here is a link from Red Hat with some info:

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-tcpwrappers-access.html

www.thevirtualheadline.com www.liquidwarelabs.com
Texiwill
Leadership

Hello,

You should look at the following for tcp_wrappers.

For hosts.allow/hosts.deny:

man hosts_access

Generally, you have rules in hosts.allow to open up things for specific ports from specific hosts/networks, and in hosts.deny the line: ALL: ALL

For xinetd, the only_from line, which contains a list of allowed networks/systems:

man xinetd.conf

Best regards,

Edward

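To make the "specific allows in hosts.allow, ALL: ALL in hosts.deny" advice from the last reply concrete, here is an added example that is not from this thread, from VMware, or from tcp_wrappers itself: a small Python evaluator of the hosts_access(5) decision order (hosts.allow first match allows, hosts.deny first match denies, no match at all allows) run against a constructed pair of files. The daemon names, addresses and hostnames are assumptions chosen for illustration; the hostname passed in stands for what reverse DNS would return on a real box.

```python
"""Toy evaluator of tcp_wrappers hosts.allow / hosts.deny semantics.
Constructed example; not code from the thread or from tcp_wrappers."""
import ipaddress

# Constructed sample files modelled on the advice in the thread: open specific
# services to specific hosts/networks, deny everything else. Comments sit on
# their own lines because hosts_access(5) only ignores lines that start with #.
HOSTS_ALLOW = """\
# admin LAN may reach sshd, except one untrusted box
sshd: 10.0.0.0/255.255.255.0 EXCEPT 10.0.0.99
# hosts in the management domain may reach every wrapped service
ALL: .mgmt.example.com
# one assumed management workstation may reach every wrapped service
ALL: 10.0.0.5
"""
HOSTS_DENY = "ALL: ALL\n"


def _split(field):
    """Daemon/client lists are separated by commas and/or whitespace."""
    return field.replace(",", " ").split()


def _parse_list(field):
    """'A B EXCEPT C' -> (['A', 'B'], ['C'])."""
    head, _, tail = field.partition(" EXCEPT ")
    return _split(head), _split(tail)


def parse_rules(text):
    """Return [(daemon_list, client_list), ...] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        # A third field (shell command / option) is ignored by this toy.
        rules.append((_parse_list(fields[0]), _parse_list(fields[1])))
    return rules


def _client_matches(pattern, ip, name):
    """Pattern forms from hosts_access(5); `name` is the reverse-DNS result."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # hostname without a dot
        return "." not in name
    if "/" in pattern:                # net/mask; dotted mask is the portable form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):         # '192.168.1.' -> address prefix
        return ip.startswith(pattern)
    if pattern.startswith("."):       # '.example.com' -> hostname suffix
        return name.lower().endswith(pattern.lower())
    return pattern == ip or pattern.lower() == name.lower()


def _list_matches(lst, match):
    include, exclude = lst
    return any(match(p) for p in include) and not any(match(p) for p in exclude)


def hosts_access(daemon, ip, name, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Decide like libwrap: hosts.allow first, then hosts.deny, else allow."""
    for fname, text, verdict in (("hosts.allow", allow_text, "allow"),
                                 ("hosts.deny", deny_text, "deny")):
        for dlist, clist in parse_rules(text):
            if (_list_matches(dlist, lambda p: p in ("ALL", daemon))
                    and _list_matches(clist, lambda p: _client_matches(p, ip, name))):
                return verdict, fname
    return "allow", "no match"   # fail-open default that the ALL: ALL line closes


if __name__ == "__main__":
    for args in (("sshd", "10.0.0.7", "ws7.lab.example.com"),
                 ("sshd", "10.0.0.99", "ws99.lab.example.com"),
                 ("vmware-authd", "10.0.0.7", "ws7.lab.example.com"),
                 ("sshd", "172.16.0.4", "jump.mgmt.example.com")):
        print(args, "->", hosts_access(*args))
    # Without ALL: ALL in hosts.deny, anything unmatched is silently allowed:
    print("empty hosts.deny:", hosts_access("sshd", "198.51.100.9", "x", deny_text=""))
```

The last call is the check worth keeping in mind: leave hosts.deny empty and every unmatched connection is allowed, so the ALL: ALL line is what turns the allow list into a real whitelist. On a real service console the same evaluation against the live files is done with `tcpdmatch sshd 10.0.0.7`; for services started by xinetd, the equivalent restriction is the only_from list in the service's xinetd configuration rather than these files.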