In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
TCP Wrappers access control
In Linux system, many network services provide some access control mechanism for clients, such as Samba, BIND, HTTPD, OpenSSH, etc., while TCP Wrappers (TCP envelope) provides additional security as a special line of defense between application services and the network.
The software package tcp_wrappers-7.6-57.el6.x86_64 is used in RHEL6.5, which provides two ways to implement the TCP Wrappers protection mechanism: the executor tcpd and the shared link library file libwrap.so.*,-directly use tcpd programs to protect other service programs, and need to run tcpd. Libwrap.so.* link libraries are called by other network service programs, and there is no need to run tcpd programs.
View method:
TCP Wrappers access policy: two files / etc/hosts.allow and / etc/hosts.deny are used to set the allow and deny policies, respectively.
Basic principles of access control:
With regard to the access policy of the TCP Wrappers mechanism, the following order and principles should be followed when applied: first check the / etc/hosts.allow file, and if a matching policy is found, access is allowed, otherwise continue to find the / etc/hosts.deny file, if a matching policy is found, access is denied; if neither of the above two files is found, access is allowed.
TCP Wrappers configuration instance
The looser policy can be "allow all, reject the individual", and the stricter policy is "allow the individual, reject all". The former only needs to add the corresponding deny policy to the hosts.allow file, while the latter needs to set the deny policy of "ALL:ALL" in the hosts.deny file in addition to adding the allow policy in the hosts.allow.
For example, you only want to access the sshd service from a host in 192.168.1.2 or a host in the 192.168.1.0 Universe 24 network segment, and if other addresses are denied, you can do the following
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
