
Re: ALL: PARANOID from /etc/hosts.deny ...



While /etc/hosts.deny is easy (I always use ALL: ALL), the real
problem is /etc/hosts.allow. The issue is that there is an
increasing number of services not run from inetd for which it
is not clear 1) if they are wrapped, 2) what daemon name to use.
Some examples:
- netbios-ssn, netbios-ns service names, but one must use the
  binary names smbd, nmbd
- rpc.mountd binary, but one must use mountd daemon name
- rsync, apparently cannot be wrapped even when run from inetd
- ntpd, apparently not wrapped and without its own access control
  (but there was a recent remote exploit)
- printer, apparently not wrapped but with its own access control
- sendmail, apparently wrapped, the only package I noticed
  adding itself to /etc/hosts.{deny,allow}

Since tcp-wrappers are one important defense line it would be
very helpful to admins if this info is centrally available
(which is probably undoable), or at least that individual packages
are documented in README.Debian (like sendmail).

-Igor Mozetic
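
As an added example (not part of the original post): a shell heuristic for the first question raised above, whether a daemon binary is built against libwrap. The function names and the sample ldd lines are constructed for illustration; a result of "none" only means the binary does not call libwrap itself, so a service started through tcpd from inetd can still be wrapped.

```shell
#!/bin/sh
# Added example, not from the original post. Heuristic check for whether a
# daemon binary is built against libwrap (tcp-wrappers).
# Note: run ldd only on binaries you trust; it may execute code from them.

# classify_wrap: read `ldd` and/or `strings` output for ONE binary on stdin.
#   dynamic            libwrap.so appears among the shared libraries
#   static-or-builtin  no libwrap.so, but hosts_access/hosts_ctl names appear
#   none               no sign of libwrap in the binary itself
classify_wrap() {
    awk '
        /libwrap\.so/            { dyn = 1 }
        /hosts_access|hosts_ctl/ { sym = 1 }
        END {
            if (dyn)      print "dynamic"
            else if (sym) print "static-or-builtin"
            else          print "none"
        }'
}

# wrap_status: run the check against a real binary path.
wrap_status() {
    bin=$1
    [ -r "$bin" ] || { echo "unreadable"; return 1; }
    { ldd "$bin" 2>/dev/null; strings "$bin" 2>/dev/null; } | classify_wrap
}

# With arguments: report on each binary given on the command line.
for bin in "$@"; do
    printf '%-28s %s\n' "$bin" "$(wrap_status "$bin")"
done

# Without arguments: classify constructed ldd output (not from a real host).
if [ "$#" -eq 0 ]; then
    printf '%s\n' \
        '    libwrap.so.0 => /lib/libwrap.so.0 (0x40021000)' \
        '    libc.so.6 => /lib/libc.so.6 (0x4002a000)' | classify_wrap
fi
```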


