Re: why is xinetd not installed by default in FC6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jeff Vian wrote:
> On Tue, 2006-11-21 at 20:59 -0600, Paul Johnson wrote:
>> One security tip I got years ago was to turn off all access by setting
>> the file /etc/hosts.deny like this:
>>
>> ALL:ALL
>>
>>
>> And then in /etc/hosts.allow, I allow in only specific services and
>> specific ip address ranges that I want to allow.  For example, I
>> usually allow only ssh connections from a few specific places:
>>
>> ALL: 127.0.0.1
>> sshd: 24.124.
>> sshd: 129.237.
>> sshfwd-X11: 24.124.
>> sshfwd-X11: 129.237.
>>
>> This has served me well to keep out other users and protect myself
>> from starting services that I don't want.
>>
>> Now in FC6 I notice that xinetd is not installed and so these host
>> files have no effect.  of course, I can install xinetd, but I'm
>> suspecting that the FC6 designers want me to do something else in
>> order to control access. How does one achieve the same effect without
>> using xinetd?
>>
> Maybe iptables?
> Iptables can certainly be configured to do what you have listed above,
> but not IMHO as easily nor as cleanly.  The syntax is different and so
> somewhat harder to use.
> 
> However, that seems like throwing the baby out with the bathwater.  I
> would think that having tcpwrappers (which is what uses the hosts.deny
> and hosts.allow files) in effect was a good thing.
> 

yum install firestarter

-- 

  Steve


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux