[techtalk] Security techniques (Redhat 6.2 question)
Beverly Guillermo
mezanin at home.com
Tue May 23 21:34:55 EST 2000
On Tue, 23 May 2000, Alex Yan wrote:
> I think that the hosts.allow and hosts.deny files are both used by
> tcpd, and if she's not running inetd, then she's probably not running
> anything with the tcpd wrapper, in which case, whatever remaining
> services she has won't use those files for keeping out intruders.
>
> This is the way I think it works:
>
> inetd: looks up all the services in inetd.conf and connects them to
> their respective ports
>
> tcpd: a wrapper for running those services, which reads hosts.allow
> and hosts.deny to determine whether a client has permissions
> to connect to that service. tcpd is usually invoked in
> inetd.conf:
>
> telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
>
> in.telnetd: one of the services that is run, wrapped by tcpd, managed
> by inetd.
>
> So theoretically, one could run those services with the tcpd wrapper
> directly, which would still give you that nice security layer. But I
> don't know how to do that. :)

True. I did forget to mention that part, didn't I? Most integral
services can use the tcpwrapper, and I recommend using them if you're
going to use services like telnetd, fingerd, ftpd, etc.

That's another thing, I recommend using secure alternatives to those
services. The only thing I can think of right now is ssh instead of
telnet or rlogin... =)

> I hope I didn't confuse anyone.

Not here. =)

Beverly
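
The inetd/tcpd relationship described in the quoted message can be checked mechanically. The following is an added example, not part of the original thread: a shell function that reads an inetd.conf and reports which enabled services are started through tcpd (so hosts.allow and hosts.deny apply) and which are among the cleartext services named above. The function names and every sample line except the telnet entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf for services that bypass tcpd.
# Field layout: service socket proto wait user server-path args...

# Constructed sample; only the telnet line comes from the thread.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real host
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd     in.telnetd
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd  in.ftpd -l -a
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd     in.fingerd
#login  stream  tcp  nowait  root    /usr/sbin/tcpd     in.rlogind
time    stream  tcp  nowait  root    internal
pop-3   stream  tcp  nowait  root    /usr/sbin/ipop3d   ipop3d
EOF
}

# Reads inetd.conf on stdin. Prints "<service> <state> <daemon> [cleartext]"
# per enabled entry and returns 1 if any entry is started without tcpd.
audit_inetd() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }    # comments, blanks, incomplete entries
        {
            n = split($6, path, "/"); base = path[n]
            if ($6 == "internal")    { state = "internal";  daemon = "-" }
            else if (base == "tcpd") { state = "wrapped";   daemon = (NF >= 7 ? $7 : "?") }
            else                     { state = "unwrapped"; daemon = base; bad++ }
            # cleartext services named in the thread ("login" is rlogin)
            note = ($1 ~ /^(telnet|ftp|finger|login)$/) ? " cleartext" : ""
            print $1, state, (daemon note)
        }
        END { exit (bad > 0) }
    '
}

sample_inetd_conf | audit_inetd || echo "some services are not behind tcpd"
```

On a real host the same check is `audit_inetd < /etc/inetd.conf`.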