Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] Re: portmap only for local interfaces
  • From: Polarizer <Polarizer@xxxxxxxxxx>
  • Date: Tue, 04 Oct 2005 11:31:53 +0200
  • Message-id: <20051004093133.038BF8252@xxxxxxxxxxx>
How can I make sure tcpwrapper is in use?

Check whether or not libwrap is in use.

ldd /sbin/portmap

Can I edit hosts.allow so only localhost can access? Will it give any
trouble?

You have to look at all services that use tcpwrapper (e.g. sshd).

I don't use nfs, I've disabled it, so I don't know why portmap gets
on...

It's a good idea to deny access to any tcpwrapper-enabled service via

/etc/hosts.deny
# deny all
ALL : ALL

and then allow access to services for dedicated hosts via (example)

/etc/hosts.allow
# allow access to/for
# (net/mask: the net part must be the network address, 127.0.0.0)
portmap : 127.0.0.0/255.0.0.0
mountd : 127.0.0.0/255.0.0.0
lockd : 127.0.0.0/255.0.0.0
statd : 127.0.0.0/255.0.0.0
rquotad : 127.0.0.0/255.0.0.0

If you don't use nfs/rpc, disable it via yast's runlevel editor.

The polarizer
http://www.codixx.de/polarizer.html
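
Added example, not part of the original mail: a small Python model of the IPv4 client-pattern matching described in hosts_access(5) (ALL, literal address, trailing-dot prefix, dotted-quad net/mask), for checking hosts.allow entries like the ones above offline. It shows that a net/mask entry matches only when (client address AND mask) equals the net part, so 127.0.0.1/255.0.0.0 matches nothing while 127.0.0.0/255.0.0.0 covers loopback. The function names and the sample file are assumptions made for this example.

```python
import ipaddress

# Constructed sample hosts.allow, not taken from any real host.
SAMPLE_HOSTS_ALLOW = """\
# allow access to/for
portmap : 127.0.0.1/255.0.0.0
mountd  : 127.0.0.0/255.0.0.0
statd   : 192.168.1. 10.0.0.5
"""

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def pattern_matches(pattern, client):
    """IPv4 subset of the hosts_access(5) client patterns."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                      # net/mask pair, dotted-quad mask
        net, mask = pattern.split("/", 1)
        return (_u32(client) & _u32(mask)) == _u32(net)
    if pattern.endswith("."):               # leading-octets prefix
        return client.startswith(pattern)
    return pattern == client                # literal address

def parse_rules(text):
    """Yield (daemon_list, client_patterns) per rule; options after a 2nd ':' are ignored."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            daemons, clients = line.split(":")[:2]
            yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def allowed(text, daemon, client):
    """True if some rule in the allow file grants `daemon` to `client`."""
    return any(
        (daemon in d or "ALL" in d) and any(pattern_matches(p, client) for p in c)
        for d, c in parse_rules(text))

def dead_patterns(text):
    """net/mask patterns that can match no address (net has bits outside the mask)."""
    out = []
    for _, clients in parse_rules(text):
        for p in clients:
            if "/" in p:
                net, mask = p.split("/", 1)
                if _u32(net) & _u32(mask) != _u32(net):
                    out.append(p)
    return out
```

With `ALL : ALL` in hosts.deny, an entry reported by `dead_patterns` fails closed: the service is refused even from localhost.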
