Re: why is xinetd not installed by default in FC6?
- From: Steven Stern <subscribed-lists@xxxxxxxxxxxxx>
- Date: Tue, 21 Nov 2006 22:16:35 -0600
Jeff Vian wrote:
On Tue, 2006-11-21 at 20:59 -0600, Paul Johnson wrote:
One security tip I got years ago was to turn off all access by settingMaybe iptables?
the file /etc/hosts.deny like this:
ALL:ALL
And then in /etc/hosts.allow, I allow in only specific services and
specific ip address ranges that I want to allow. For example, I
usually allow only ssh connections from a few specific places:
ALL: 127.0.0.1
sshd: 24.124.
sshd: 129.237.
sshfwd-X11: 24.124.
sshfwd-X11: 129.237.
This has served me well to keep out other users and protect myself
from starting services that I don't want.
Now in FC6 I notice that xinetd is not installed and so these host
files have no effect. of course, I can install xinetd, but I'm
suspecting that the FC6 designers want me to do something else in
order to control access. How does one achieve the same effect without
using xinetd?
Iptables can certainly be configured to do what you have listed above,
but not IMHO as easily nor as cleanly. The syntax is different and so
somewhat harder to use.
However, that seems like throwing the baby out with the bathwater. I
would think that having tcpwrappers (which is what uses the hosts.deny
and hosts.allow files) in effect was a good thing.
yum install firestarter
--
Steve
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
- References:
- why is xinetd not installed by default in FC6?
- From: Paul Johnson
- Re: why is xinetd not installed by default in FC6?
- From: Jeff Vian
- why is xinetd not installed by default in FC6?
- Prev by Date: Re: Kernel Rebuilding
- Next by Date: FC6 desktop effects cut of in widescreen resolution 1280x800 using Radeon Mobility 9200 card
- Previous by thread: Re: why is xinetd not installed by default in FC6?
- Next by thread: Re: why is xinetd not installed by default in FC6?
- Index(es):
Relevant Pages
|
