Re: [suse-security] Re: portmap only for local interfaces
How can I make sure tcpwrapper is in use?
Check whether or not libwrap is in use:

    ldd /sbin/portmap
Can I edit host.allow so only localhost can access? Will it give any trouble?
You have to look at all services that use tcpwrapper (e.g. sshd).
I don't use nfs, I've disabled it, so I don't know why portmap gets on...
It's a good idea to deny access to any tcpwrapper enabled service via

/etc/hosts.deny
    # deny all
    ALL : ALL

and then allow access to services for dedicated hosts via (example)

/etc/hosts.allow
    # allow access to/for
    portmap : 127.0.0.1/255.0.0.0
    mountd : 127.0.0.1/255.0.0.0
    lockd : 127.0.0.1/255.0.0.0
    statd : 127.0.0.1/255.0.0.0
    rquotad : 127.0.0.1/255.0.0.0

If you don't use nfs/rpc, disable it via yast's runlevel editor.

The polarizer
http://www.codixx.de/polarizer.html
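An added example, not part of the original posts: a small audit of the layout recommended above. It checks ldd output for libwrap, confirms that hosts.deny carries an active "ALL : ALL" rule, and lists hosts.allow entries that admit clients outside 127.0.0.0/8. The function names, file contents and ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit tcp_wrappers files for the layout described in the post.
# File contents below are constructed samples, not taken from a real host.

# uses_libwrap: reads `ldd` output on stdin; succeeds if libwrap is linked in.
uses_libwrap() { grep -q 'libwrap\.so'; }

# has_default_deny FILE: succeeds if FILE has an active "ALL : ALL" rule.
has_default_deny() {
    awk -F: '
        /^[ \t]*#/ { next }
        { d = $1; c = $2; gsub(/[ \t]/, "", d); gsub(/[ \t]/, "", c)
          if (d == "ALL" && c == "ALL") found = 1 }
        END { exit !found }' "$1"
}

# open_rules FILE: prints each daemon whose client list contains an entry
# that is neither "localhost" nor an address/netmask inside 127.0.0.0/8.
open_rules() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        { d = $1; gsub(/[ \t]/, "", d)
          n = split($2, t, /[ \t,]+/)
          for (i = 1; i <= n; i++) {
              if (t[i] == "" || t[i] == "localhost") continue
              if (t[i] !~ /^127\.([0-9]+\.[0-9]+\.[0-9]+(\/255\.[0-9.]+)?)?$/) {
                  print d; next
              }
          } }' "$1"
}

# Constructed sample files: one correct deny file, one allow file with two
# rules that are wider than loopback (statd and sshd).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# deny all' 'ALL : ALL' > "$tmp/hosts.deny"
printf '%s\n' '# allow access to/for' \
    'portmap : 127.0.0.1/255.0.0.0' \
    'mountd : 127.0.0.1/255.0.0.0' \
    'statd : 127.0.0.1/255.0.0.0, 192.0.2.10' \
    'sshd : ALL' > "$tmp/hosts.allow"
ldd_sample='	libwrap.so.0 => /lib/libwrap.so.0 (0x40025000)
	libc.so.6 => /lib/libc.so.6 (0x4002e000)'

printf '%s\n' "$ldd_sample" | uses_libwrap && echo "libwrap: linked"
has_default_deny "$tmp/hosts.deny" && echo "hosts.deny: default deny present"
echo "hosts.allow rules reachable from non-loopback clients:"
open_rules "$tmp/hosts.allow"
```

On a real host, pipe `ldd /sbin/portmap` into uses_libwrap and pass /etc/hosts.deny and /etc/hosts.allow to the other two functions.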
On Tue, 4 Oct 2005, Polarizer wrote:
/etc/hosts.deny
    # deny all
    ALL : ALL

And if one wants to receive notification on misuse, try

    ALL: ALL: spawn ( /usr/local/lib/tcpwrapper/counterintelligence/finger_and_trace route -a %a -i %c -s %d -n %h | mail -s "%d-%h offence" security@localhost) &

(Script attached).

Best regards
Henning Hucke
--
What fools these morals be!
participants (2)
- Henning Hucke
- Polarizer