Mailinglist Archive: opensuse-security (601 mails)
| < Previous | Next > |
Re: [suse-security] supplied firewall package robustness
- From: Gerd Bitzer <Gerd.Bitzer@xxxxxxxxx>
- Date: Mon, 21 Aug 2000 12:35:25 +0200
- Message-id: <39A105ED.6D7D862D@xxxxxxxxx>
Hi
Thomas Biege wrote:
....
> > Also, everything is deactivated in /etc/inetd.conf. /etc/hosts.deny is set to
> > ALL: ALL and /etc/hosts.allow is set to sshd: ALL. That's it. Am I pretty safe,
>
> uh, if you start sshd as standalone (not via inetd) it isn't protected by
> tcpd.
But it seems that in recent versions of sshd which is shipped on Suse's CD's that
libwrap support is linked in, so far sshd itself consults /etc/hosts.allow and/or
/etc/hosts.deny and decides if he should be called from a given IP adress.
Or am I wrong ?
>
>
Thomas Biege wrote:
....
> > Also, everything is deactivated in /etc/inetd.conf. /etc/hosts.deny is set to
> > ALL: ALL and /etc/hosts.allow is set to sshd: ALL. That's it. Am I pretty safe,
>
> uh, if you start sshd as standalone (not via inetd) it isn't protected by
> tcpd.
But it seems that in recent versions of sshd which is shipped on Suse's CD's that
libwrap support is linked in, so far sshd itself consults /etc/hosts.allow and/or
/etc/hosts.deny and decides if he should be called from a given IP adress.
Or am I wrong ?
>
>
| < Previous | Next > |