Mailinglist Archive: opensuse-security (232 mails)

< Previous Next >
Re: [suse-security] Re: portmap only for local interfaces
  • From: Polarizer <Polarizer@xxxxxxxxxx>
  • Date: Tue, 04 Oct 2005 11:31:53 +0200
  • Message-id: <20051004093133.038BF8252@xxxxxxxxxxx>
How can I make sure tcpwrapper is in use?

Check whether or not libwrap is in use.

ldd /sbin/portmap

Can I edit host.allow so only localhost can access? Will it give any

You have to look on all services that uses tcpwrapper (e.g. sshd)

I don't use nfs, I've disabled it, so don't know why does portmap gets

It's a good idea to deny access to any tcpwrapper enabled service via

# deny all

and then allow access to services for dedicated hosts via (example)

# allow access to/for
portmap :
mountd :
lockd :
statd :
rquotad :

If you dont use nfs/rpc disable it via yast's runlevel editor.

The polarizer

< Previous Next >
Follow Ups