* [gentoo-security] TCP Wrapper Documentation
From: James Stull @ 2009-01-10 4:51 UTC
To: gentoo-security

I have a gentoo desktop profile system and I would like to use tcp wrappers
to secure certain services like ssh. I followed the documentation I could
find from the security guide to install the ebuild but I don't have the
/etc/hosts.allow or hosts.deny. Do I have to manually create these? Is there
any other documentation available that I can use to help me install and
configure it properly?

Thanks for your help.

* Re: [gentoo-security] TCP Wrapper Documentation
From: Chris O'Regan @ 2009-01-10 5:51 UTC
To: gentoo-security

Search for "tcp wrappers howto" on Google. Yes, this must be
maintained manually. I recommend to do away with /etc/host.deny and
have "ALL :ALL@ALL :deny" as the last line of /etc/hosts.allow.

On Fri, Jan 9, 2009 at 11:51 PM, James Stull <rivitir@gmail.com> wrote:
> I have a gentoo desktop profile system and I would like to use tcp wrappers
> to secure certain services like ssh. I followed the documentation I could
> find from the security guide to install the ebuild but I don't have the
> /etc/hosts.allow or hosts.deny. Do I have to manually create these? Is there
> any other documentation available that I can use to help me install and
> configure it properly?
>
> Thanks for your help.

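An added example, not part of the original message: a small model of how a single-file /etc/hosts.allow in the hosts_options(5) syntax is evaluated, showing what the catch-all deny line changes. It covers only a subset of the pattern language (ALL, address prefixes, domain suffixes, exact names); the rule file, addresses and function names are constructed for illustration.

```python
# Constructed hosts.allow (hosts_options(5) syntax); the last line is the
# catch-all quoted in the message above. Addresses are documentation ranges.
HOSTS_ALLOW = """\
# daemon_list : client_list : option
sshd : 192.0.2. .example.org : allow
ALL :ALL@ALL :deny
"""

def parse_rules(text):
    """Return (daemons, clients, verdict) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        # A hosts.allow match grants access unless a "deny" option follows.
        options = [f.lower() for f in fields[2:]]
        rules.append((daemons, clients, "deny" if "deny" in options else "allow"))
    return rules

def client_matches(pattern, addr, hostname):
    user, _, host = pattern.rpartition("@")
    if user not in ("", "ALL"):
        return False  # a named user needs an ident lookup; not modelled here
    if host == "ALL":
        return True
    if host.endswith("."):    # address prefix, e.g. "192.0.2."
        return addr.startswith(host)
    if host.startswith("."):  # domain suffix, e.g. ".example.org"
        return hostname is not None and hostname.lower().endswith(host.lower())
    return host in (addr, hostname)

def check(rules, daemon, addr, hostname=None):
    for daemons, clients, verdict in rules:
        if daemon not in daemons and "ALL" not in daemons:
            continue
        if any(client_matches(p, addr, hostname) for p in clients):
            return verdict  # search stops at the first matching rule
    return "allow"  # nothing matched and there is no hosts.deny: granted
```

Because the search stops at the first match, the catch-all only works as the last line; without it, and with no hosts.deny, an unmatched client is granted access.
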
* Re: [gentoo-security] TCP Wrapper Documentation
From: brant williams @ 2009-01-12 17:50 UTC
To: gentoo-security

Hi there...

You can also install the "DenyHosts" package, which will parse your syslog
for failed ssh entries, and then update/maintain /etc/hosts.{allow,deny}.

http://denyhosts.sourceforge.net/

You can run it as a daemon, or from within cron.

hth
-brant

brant williams
FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002

On Sat, 10 Jan 2009, Chris O'Regan wrote:

> Date: Sat, 10 Jan 2009 00:51:47 -0500
> From: Chris O'Regan <chris.oregan@gmail.com>
> Reply-To: gentoo-security@lists.gentoo.org
> To: gentoo-security@lists.gentoo.org
> Subject: Re: [gentoo-security] TCP Wrapper Documentation
>
> Search for "tcp wrappers howto" on Google. Yes, this must be
> maintained manually. I recommend to do away with /etc/host.deny and
> have "ALL :ALL@ALL :deny" as the last line of /etc/hosts.allow.
>
> On Fri, Jan 9, 2009 at 11:51 PM, James Stull <rivitir@gmail.com> wrote:
>> I have a gentoo desktop profile system and I would like to use tcp wrappers
>> to secure certain services like ssh. I followed the documentation I could
>> find from the security guide to install the ebuild but I don't have the
>> /etc/hosts.allow or hosts.deny. Do I have to manually create these? Is there
>> any other documentation available that I can use to help me install and
>> configure it properly?
>>
>> Thanks for your help.

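An added example, not part of the original message and not DenyHosts' own code: a minimal version of the idea described above, counting failed ssh logins per source address in syslog text and producing hosts.deny entries. The log lines, the threshold and the function names are constructed for illustration, and the OpenSSH "Failed password" message format is assumed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 12 17:01:02 host sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 12 17:01:05 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Jan 12 17:01:09 host sshd[815]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
Jan 12 17:02:00 host sshd[820]: Accepted publickey for james from 192.0.2.10 port 51514 ssh2
Jan 12 17:03:11 host sshd[830]: Failed password for james from 192.0.2.10 port 51600 ssh2
Jan 12 17:04:00 host sshd[840]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.9 port 4000 ssh2
"""

# The user name is chosen by the client, so the address is taken from the
# end of the line, which sshd itself writes. The greedy (.*) keeps any
# " from <addr>" text inside the user name out of the address group.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) "
    r"from (\S+) port \d+(?: ssh2)?$"
)

def failed_by_source(log_text):
    """Count failed password attempts per validated source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not an address: never write it into an access file
        counts[str(addr)] += 1
    return counts

def deny_lines(log_text, threshold=3, never_block=()):
    """hosts.deny entries for sources at or above the failure threshold."""
    counts = failed_by_source(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in never_block]
```

The last sample line has a user name that embeds a second address; the count goes to the address sshd logged at the end of the line, so a crafted user name cannot get a third party blocked.
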
* Re: [gentoo-security] TCP Wrapper Documentation
From: James Stull @ 2009-01-13 0:32 UTC
To: gentoo-security

Thank you for all the suggestions, they have been very helpful and I now
have my tcp wrappers up and running.

Just out of curiosity, why doesn't the ebuild install /etc/hosts.allow/deny
with some basic configuration examples or at least empty files?

On Mon, Jan 12, 2009 at 12:50 PM, brant williams <brant@tnarb.net> wrote:
> Hi there...
>
> You can also install the "DenyHosts" package, which will parse your syslog
> for failed ssh entries, and then update/maintain /etc/hosts.{allow,deny}.
>
> http://denyhosts.sourceforge.net/
>
> You can run it as a daemon, or from within cron.
>
> hth
> -brant
>
> brant williams
> FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002
>
> On Sat, 10 Jan 2009, Chris O'Regan wrote:
>
>> Date: Sat, 10 Jan 2009 00:51:47 -0500
>> From: Chris O'Regan <chris.oregan@gmail.com>
>> Reply-To: gentoo-security@lists.gentoo.org
>> To: gentoo-security@lists.gentoo.org
>> Subject: Re: [gentoo-security] TCP Wrapper Documentation
>>
>> Search for "tcp wrappers howto" on Google. Yes, this must be
>> maintained manually. I recommend to do away with /etc/host.deny and
>> have "ALL :ALL@ALL :deny" as the last line of /etc/hosts.allow.
>>
>> On Fri, Jan 9, 2009 at 11:51 PM, James Stull <rivitir@gmail.com> wrote:
>>> I have a gentoo desktop profile system and I would like to use tcp wrappers
>>> to secure certain services like ssh. I followed the documentation I could
>>> find from the security guide to install the ebuild but I don't have the
>>> /etc/hosts.allow or hosts.deny. Do I have to manually create these? Is there
>>> any other documentation available that I can use to help me install and
>>> configure it properly?
>>>
>>> Thanks for your help.

* Re: [gentoo-security] TCP Wrapper Documentation
From: Matt Drew @ 2009-01-14 21:17 UTC
To: gentoo-security

I can think of three reasons: less clutter, less maintenance, and
keeping the machine from wasting time parsing the file on busy systems
that may have libwrap-enabled applications, but where no access
controls have been configured.

On Mon, Jan 12, 2009 at 7:32 PM, James Stull <rivitir@gmail.com> wrote:
> Thank you for all the suggestions, they have been very helpful and I now
> have my tcp wrappers up and running.
>
> Just out of curiosity, why doesn't the ebuild install /etc/hosts.allow/deny
> with some basic configuration examples or at least empty files?
>
> On Mon, Jan 12, 2009 at 12:50 PM, brant williams <brant@tnarb.net> wrote:
>> Hi there...
>>
>> You can also install the "DenyHosts" package, which will parse your syslog
>> for failed ssh entries, and then update/maintain /etc/hosts.{allow,deny}.
>>
>> http://denyhosts.sourceforge.net/
>>
>> You can run it as a daemon, or from within cron.
>>
>> hth
>> -brant
>>
>> brant williams
>> FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002
>>
>> On Sat, 10 Jan 2009, Chris O'Regan wrote:
>>
>>> Date: Sat, 10 Jan 2009 00:51:47 -0500
>>> From: Chris O'Regan <chris.oregan@gmail.com>
>>> Reply-To: gentoo-security@lists.gentoo.org
>>> To: gentoo-security@lists.gentoo.org
>>> Subject: Re: [gentoo-security] TCP Wrapper Documentation
>>>
>>> Search for "tcp wrappers howto" on Google. Yes, this must be
>>> maintained manually. I recommend to do away with /etc/host.deny and
>>> have "ALL :ALL@ALL :deny" as the last line of /etc/hosts.allow.
>>>
>>> On Fri, Jan 9, 2009 at 11:51 PM, James Stull <rivitir@gmail.com> wrote:
>>>> I have a gentoo desktop profile system and I would like to use tcp wrappers
>>>> to secure certain services like ssh. I followed the documentation I could
>>>> find from the security guide to install the ebuild but I don't have the
>>>> /etc/hosts.allow or hosts.deny. Do I have to manually create these? Is there
>>>> any other documentation available that I can use to help me install and
>>>> configure it properly?
>>>>
>>>> Thanks for your help.