Re: why is xinetd not installed by default in FC6?

On Tue, 2006-11-21 at 20:59 -0600, Paul Johnson wrote:
> One security tip I got years ago was to turn off all access by setting
> the file /etc/hosts.deny like this:
> 
> ALL:ALL
> 
> 
> And then in /etc/hosts.allow, I allow in only specific services and
> specific IP address ranges that I want to allow.  For example, I
> usually allow only ssh connections from a few specific places:
> 
> ALL: 127.0.0.1
> sshd: 24.124.
> sshd: 129.237.
> sshfwd-X11: 24.124.
> sshfwd-X11: 129.237.
> 
> This has served me well to keep out other users and protect myself
> from starting services that I don't want.
> 
> Now in FC6 I notice that xinetd is not installed and so these host
> files have no effect.  Of course, I can install xinetd, but I'm
> suspecting that the FC6 designers want me to do something else in
> order to control access. How does one achieve the same effect without
> using xinetd?
> 
Maybe iptables?
Iptables can certainly be configured to do what you have listed above,
but not IMHO as easily nor as cleanly.  The syntax is different and so
somewhat harder to use.

However, that seems like throwing the baby out with the bathwater.  I
would think that having tcpwrappers (which is what uses the hosts.deny
and hosts.allow files) in effect was a good thing.

> 
> -- 
> Paul E. Johnson
> Professor, Political Science
> 1541 Lilac Lane, Room 504
> University of Kansas
> 
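
The reply above says iptables can express the same policy with a different syntax. As an added example (not code from either poster), the following translates the hosts.allow entries quoted in the thread into iptables commands with a default-deny policy. It assumes sshd listens on tcp/22; the function names `pattern_to_cidr` and `hosts_allow_to_iptables` are made up for this illustration.

```shell
# Added example: translate TCP-wrappers hosts.allow entries into iptables rules.
# Assumption: sshd listens on tcp/22 (override via SSH_PORT).
SSH_PORT=${SSH_PORT:-22}
# "24.124." -> 24.124.0.0/16, "10.1.2.3" -> 10.1.2.3/32; anything else fails.
pattern_to_cidr() {
    case "$1" in ""|*[!0-9.]*|.*|*..*) return 1 ;; esac
    case "$1" in *.) prefix=1 ;; *) prefix=0 ;; esac
    pat=${1%.}
    old_ifs=$IFS; IFS=.; set -- $pat; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    case "$prefix:$#" in
        1:1) echo "$1.0.0.0/8" ;;
        1:2) echo "$1.$2.0.0/16" ;;
        1:3) echo "$1.$2.$3.0/24" ;;
        0:4) echo "$1.$2.$3.$4/32" ;;
        *) return 1 ;;
    esac
}

# Reads hosts.allow lines on stdin; prints rules on stdout, warnings on stderr.
hosts_allow_to_iptables() {
    # The lo rule stands in for "ALL: 127.0.0.1". Replies to outbound traffic need
    # their own rule: iptables filters every port, not only hosts.allow-aware daemons.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while IFS=: read -r daemon clients; do
        daemon=$(echo "$daemon" | tr -d ' \t')
        case "$daemon" in
            sshd) match="-p tcp --dport $SSH_PORT " ;;
            ALL) match="" ;;
            # Assumption: forwarded X11 arrives inside the SSH connection, no own port.
            sshfwd-X11|""|"#"*) continue ;;
            *) echo "skipped: no port known for '$daemon'" >&2; continue ;;
        esac
        echo "$clients" | tr -s ', \t' '\n' | while read -r c; do
            [ -n "$c" ] || continue
            cidr=$(pattern_to_cidr "$c") ||
                { echo "skipped: '$c' is not an IPv4 prefix" >&2; continue; }
            case "$daemon:$cidr" in ALL:127.*) continue ;; esac
            echo "iptables -A INPUT ${match}-s $cidr -j ACCEPT"
        done
    done
    echo "iptables -P INPUT DROP"   # last, so a remote session survives the load
}

# Entries quoted in the thread, fed through the translator:
printf '%s\n' 'ALL: 127.0.0.1' 'sshd: 24.124.' 'sshd: 129.237.' \
    'sshfwd-X11: 24.124.' 'sshfwd-X11: 129.237.' | hosts_allow_to_iptables
```

The commands are only printed, not executed, so the resulting ruleset can be reviewed before it is loaded as root.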