From: "Matt Drew"
To: gentoo-security@lists.gentoo.org
Date: Wed, 14 Jan 2009 16:17:59 -0500
Subject: Re: [gentoo-security] TCP Wrapper Documentation
Message-ID: <5ee831cb0901141317m2c272a08kfcf39c6a577e9749@mail.gmail.com>

I can think of three reasons: less clutter, less maintenance, and
keeping the machine from wasting time parsing the file on busy systems
that may have libwrap-enabled applications, but where no access
controls have been configured.

On Mon, Jan 12, 2009 at 7:32 PM, James Stull wrote:
> Thank you for all the suggestions, they have been very helpful and I now
> have my tcp wrappers up and running.
>
> Just out of curiosity, why doesn't the ebuild install /etc/hosts.allow/deny
> with some basic configuration examples or at least empty files?
>
> On Mon, Jan 12, 2009 at 12:50 PM, brant williams wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hi there...
>>
>> You can also install the "DenyHosts" package, which will parse your syslog
>> for failed ssh entries, and then update/maintain /etc/hosts.{allow,deny}.
>>
>> http://denyhosts.sourceforge.net/
>>
>> You can run it as a daemon, or from within cron.
>>
>> hth
>> - -brant
>>
>> brant williams
>> FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002
>>
>> On Sat, 10 Jan 2009, Chris O'Regan wrote:
>>
>>> Date: Sat, 10 Jan 2009 00:51:47 -0500
>>> From: Chris O'Regan
>>> Reply-To: gentoo-security@lists.gentoo.org
>>> To: gentoo-security@lists.gentoo.org
>>> Subject: Re: [gentoo-security] TCP Wrapper Documentation
>>>
>>> Search for "tcp wrappers howto" on Google. Yes, this must be
>>> maintained manually. I recommend to do away with /etc/hosts.deny and
>>> have "ALL :ALL@ALL :deny" as the last line of /etc/hosts.allow.
>>>
>>> On Fri, Jan 9, 2009 at 11:51 PM, James Stull wrote:
>>>>
>>>> I have a gentoo desktop profile system and I would like to use tcp wrappers
>>>> to secure certain services like ssh. I followed the documentation I could
>>>> find from the security guide to install the ebuild but I don't have the
>>>> /etc/hosts.allow or hosts.deny. Do I have to manually create these? Is there
>>>> any other documentation available that I can use to help me install and
>>>> configure it properly?
>>>>
>>>> Thanks for your help.
>>>>
>>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.9 (GNU/Linux)
>>
>> iEYEAREIAAYFAklrgtkACgkQdCBnhE3rYAIsLQCgpLxynaOGVdxWlKh7YeOdpIC5
>> oggAnRFgIwBudFTonqx2/ABUSdzDWNLx
>> =N70i
>> -----END PGP SIGNATURE-----
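The single-file layout recommended in the quoted message only gives default deny while the catch-all rule really is the last active rule in /etc/hosts.allow. The script below is an added example, not part of the thread: it checks a hosts.allow-style file for that property, assuming libwrap was built with the hosts_options(5) extended syntax; the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a hosts.allow-style file
# ends in a catch-all deny rule such as "ALL :ALL@ALL :deny".
# Assumption: libwrap built with the hosts_options(5) extended syntax
# (daemons : clients : option ...); keywords are compared case-insensitively.

# last_rule FILE: print the last rule, joining backslash-continued lines and
# skipping blank lines and lines that begin with '#'.
last_rule() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        line ~ /^#/ || line ~ /^[ \t]*$/ { next }
        { last = line }
        END { print last }
    ' "$1"
}

# has_default_deny FILE: succeed only if the last rule is
# ALL : ALL[@ALL] : ... : deny (allow/deny must be the final option).
has_default_deny() {
    last_rule "$1" | awk -F: '
        {
            for (i = 1; i <= NF; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", $i)
                $i = toupper($i)
            }
            ok = (NF >= 3 && $1 == "ALL" && ($2 == "ALL" || $2 == "ALL@ALL") && $NF == "DENY")
        }
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed sample files; 192.0.2. is a documentation address prefix.
tmp=$(mktemp -d)
printf '%s\n' '# constructed sample' 'sshd : 192.0.2. : allow' 'ALL :ALL@ALL :deny' > "$tmp/good"
printf '%s\n' 'sshd : 192.0.2. : allow' '#ALL :ALL@ALL :deny' > "$tmp/commented-out"
for f in "$tmp/good" "$tmp/commented-out"; do
    if has_default_deny "$f"; then
        echo "$f: ends in catch-all deny"
    else
        echo "$f: no catch-all deny; unmatched clients fall through to hosts.deny, then allow"
    fi
done
rm -rf "$tmp"
```
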