9/19/2023 0 Comments App wrapper to spawn shells![]() ![]() The services in Table 11-2 are common services that most administrators offer on their Internet or intranet servers. See the "Compiling a Daemon List for non-Red Hat Distributions" sidebar for instructions on how to do this. Older systems or non-Red Hat-based distributions will need to compile their own list of such services. ![]() Table 11-2 is really only accurate for newer Red Hat- and Fedora Core-based systems. Xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ![]() The xinetd daemon itself can be viewed with the following command: Use iptables or daemon's own allow/deny features. Only runs bound to localhost (127.0.0.1). Use iptables' or daemon's own allow/deny features. Stand-alone daemon, no xinetd.Īpache/web (HyperText Transport Protocol) Table 11-2: Common Services' and Deaemon's Usage of libwrap You can see which services are xinetd-based with this command: Many of these services are controlled by the xinetd master daemon. The first column shows the service name, while the daemon name is the actual binary daemon name that you use in the /etc/hosts.allow and /etc/ny file. Table 11-2 shows common services and daemons, with notes that are critical when configuring your services in /etc/hosts.allow and /etc/ny. This will help prevent you from defining conflicting rules across the two mechanisms and potentially save your hours of chasing down ghosts when troubleshooting service-related issues. If you control client access with TCP wrappers, keep as much of your client control data in the /etc/hosts.allow and /etc/ny files as you can, rather than spreading it across both TCP wrappers and iptables. Many application server administrators use the TCP wrappers /etc/hosts.allow and /etc/ny files to control daemon access from one easy-to-view area, then use iptables for more advanced state-based, filter, and packet-level service control (of course, you can use iptables for all of this if you prefer.) As we explained, TCP wrappers is a good choice for a single-homed/stand-alone server on a secure network where you want to limit host/network access to just a couple of services. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |