LPI Linux Certification/TCP wrappers

Detailed Objective
Weight: 1

Description: Candidates should be able to configure tcpwrappers to allow connections to specified servers only from certain hosts or subnets.


 * Key knowledge area(s):
 * tcpwrappers configuration files, tools and utilities
 * (x)inetd configuration files, tools and utilities


 * The following is a partial list of the used files, terms and utilities:
 * /etc/xinetd.conf
 * /etc/xinetd.d/*
 * /etc/inetd.conf
 * tcpd
 * /etc/hosts.allow
 * /etc/hosts.deny

Overview
Description: The candidate should be able to configure tcpwrappers to allow connections to specified servers from only certain hosts or subnets.

Key files, terms, and utilities include:

inetd.conf, tcpd, hosts.allow, hosts.deny, xinetd

TCP_wrappers
TCP wrappers is a system for controlling access to network services. For each service protected by TCP wrappers, the tcpd program is used; it consults two files where access rights are defined, in search order:

 * /etc/hosts.deny: if a rule here is met, access is denied
 * /etc/hosts.allow: if a rule here is met, access is allowed

Rules are constructed to match all services or specific services. If no match occurs in the two files, access is granted.

It is common to set specific rules in /etc/hosts.allow and provide a blanket denial in /etc/hosts.deny (i.e., deny everything except what is specifically allowed). The rule format is:

[list of services] : [list of hosts]

For example, to deny all incoming requests except FTP from the local domain:

/etc/hosts.allow : ftp : LOCAL

/etc/hosts.deny : ALL : ALL
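
The rule pair above can be checked against sample clients with a small model of the matching logic. This is an added example, not part of the original page and not tcpd's own code; it handles only the ALL and LOCAL wildcards plus leading-dot domain and trailing-dot address-prefix patterns, and it follows the lookup order documented in hosts_access(5): hosts.allow is consulted first, then hosts.deny, and no match in either file grants access. The function names and sample clients are constructed for illustration.

```python
import re

def parse_rules(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed rule: skipped in this model
        rules.append(tuple(re.split(r"[,\s]+", f) for f in fields[:2]))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":          # host name that contains no dot
        return bool(host) and "." not in host
    if pattern.startswith("."):     # domain suffix, e.g. .example.org
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):       # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr

def first_match(rules, daemon, host, addr):
    """True if any rule names the daemon (or ALL) and matches the client."""
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, host, addr) for p in clients):
            return True
    return False

def decide(allow_text, deny_text, daemon, host, addr):
    if first_match(parse_rules(allow_text), daemon, host, addr):
        return "allow"
    if first_match(parse_rules(deny_text), daemon, host, addr):
        return "deny"
    return "allow"                  # no match in either file: access granted

HOSTS_ALLOW = "ftp : LOCAL\n"       # rules from the page's example
HOSTS_DENY = "ALL : ALL\n"

if __name__ == "__main__":
    samples = [("ftp", "alice", "192.168.1.10"),             # constructed
               ("ftp", "host.example.org", "203.0.113.5"),   # constructed
               ("sshd", "alice", "192.168.1.10")]            # constructed
    for daemon, host, addr in samples:
        print(daemon, host, decide(HOSTS_ALLOW, HOSTS_DENY, daemon, host, addr))
```

Emptying HOSTS_DENY in this model shows the default-grant behaviour: every client that misses the ftp rule is then allowed, which is why the blanket ALL : ALL line matters.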