
TCP/IP Wrappings

OK, I just learned how to set up TCP/IP wrappings so that you can secure your Linux box. These are used to deny remote access through certain services.
The configuration files are /etc/hosts.allow and /etc/hosts.deny.

Here's an example. Say you want to allow access to ssh to only certain hosts, or only certain hosts from a certain network.

First you edit the /etc/hosts.deny file with vi or emacs or whatever you choose, and insert a line at the end which reads:
sshd: all

sshd is the ssh daemon, which runs an ssh server on your computer. The sshd: all line denies all incoming requests to access the ssh server. The next step is to allow the particular hosts and networks that you wish to be able to connect, so you edit the file /etc/hosts.allow. Entries in /etc/hosts.allow are checked before /etc/hosts.deny, so hosts listed there are let in despite the deny rule. You allow hosts and networks by adding the line
sshd: 192.168.1.45 10.4.3.
In doing this I have allowed the particular host with IP address 192.168.1.45 to connect and any host from the network 10.4.3 to connect.
That's basically it; it's not even necessary to restart the sshd service, Linux is just that great.
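
The lookup order and pattern matching described above, as an added Python example that is not part of the original post: a simplified model of how the two files are evaluated, covering only the pattern forms used here (an exact address, a prefix ending in a dot, and the all wildcard). The file contents are constructed from the two lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample files holding the two lines from the post.
HOSTS_ALLOW = "sshd: 192.168.1.45 10.4.3.\n"
HOSTS_DENY = "sshd: all\n"

def tokens(field):
    """Split a daemon or client list on blanks and/or commas."""
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def parse(text):
    """Return [(daemon_list, client_list)] for each 'daemons : clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        parts = line.split(":")  # IPv4 only; anything after a 2nd ':' is dropped
        if len(parts) >= 2:
            rules.append((tokens(parts[0]), tokens(parts[1])))
    return rules

def pattern_matches(pattern, value):
    """Match one pattern: the ALL wildcard, a 'n.n.n.' prefix, or an exact string."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):
        # The trailing dot pins the prefix to an octet boundary.
        return value.startswith(pattern)
    return pattern.lower() == value.lower()

def listed(rules, daemon, client_ip):
    """True if any rule matches both the daemon name and the client address."""
    return any(
        any(pattern_matches(d, daemon) for d in daemons)
        and any(pattern_matches(c, client_ip) for c in clients)
        for daemons, clients in rules
    )

def access_allowed(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    if listed(parse(allow_text), daemon, client_ip):
        return True
    if listed(parse(deny_text), daemon, client_ip):
        return False
    return True

if __name__ == "__main__":
    for ip in ("192.168.1.45", "10.4.3.77", "10.4.30.7", "192.168.1.46"):
        print(ip, "allowed" if access_allowed("sshd", ip) else "denied")
```

Note that 10.4.30.7 is denied because the prefix 10.4.3. ends at the dot, and that a service with no entry in either file is allowed by default.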