Chapter 8.


TCP Wrappers and


xinetd


Controlling access to network services can be a challenge. Firewalls are useful for controlling access


in and out of a particular network, but they can be difficult to configure. TCP wrappers and


xinetd


control access to services by hostname and IP addresses. In addition, these tools also include logging


and utilization management capabilities that are easy to configure.


8.1. What Are TCP Wrappers?


TCP wrappers is installed by default with a server class installation of Red Hat Linux 8.0, and provides


access control to a variety of services. Most modern network services, such as SSH, Telnet, and FTP,


make use of TCP wrappers, a program that is designed to stand guard between an incoming request


and the requested service.


The idea behind TCP wrappers is that client requests to server applications are "wrapped" by an


authenticating service, allowing a greater degree of access control and logging for anyone attempting


to use the service.


The functionality behind TCP wrappers is provided by


libwrap.a


, a library that network services,


such as


xinetd


,


sshd


, and


portmap


, are compiled against. Additional network services, even net 


working programs you may write, can be compiled against


libwrap.a


to provide this functionality.


Red Hat Linux bundles the necessary TCP wrapper programs and library in the


tcp_wrappers 


B


version


RPM file.


C


8.1.1. TCP Wrapper Advantages


When a user attempts to gain client access to a network service that is using TCP wrappers, a small


wrapper program reports the name of the service requested and the client's host information. The


wrapper program does not directly send any information back to the client, and after the access control


directives are satisfied, the wrapper is unloaded and frees up its resources. The client and the server


can then resume actions without further wrapper intervention.


TCP wrappers provide two basic advantages over other network service control techniques:


The connecting client is unaware that TCP wrappers are in use.   Legitimate users will not notice


anything different, and attackers never receive any additional information about why their attempted


connections have failed.


TCP wrappers operate separately from the applications the wrapper program protects.   This


allows many server applications to share a common set of configuration files for simpler manage 


ment.


8.2. Host Based Access Control Lists


Host based access for services that use TCP wrappers is controlled by two files:


/etc/hosts.allow


and


/etc/hosts.deny


. These file use a simple format to control access to services on a server.


If no rules are specified in either


hosts.allow


or


hosts.deny


, then the default rule is to allow


anyone to access to the services.


Order is important since rules in


hosts.allow


take precedence over rules specified in


hosts.deny


.


Even if a rule specifically denying all access to a particular service is defined in


hosts.deny


, hosts








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved