Re: /etc/hosts.deny
Hello Mario,
* Mario Vukelic wrote:
> On 08 Apr 2001 14:41:47 -0700, Tyrin Price wrote:
>
> > Here are some examples commented out :-)
> >
> > #:RPC: RPC based services
> > #mountd/1 dgram rpc/udp wait root /usr/sbin/tcpd /usr/sbin/rpc.mountd
> > #rstatd/1-3 dgram rpc/udp wait root /usr/sbin/tcpd /usr/sbin/rpc.rstatd
> > #rusersd/2-3 dgram rpc/udp wait root /usr/sbin/tcpd /usr/sbin/rpc.rusersd
> > #walld/1 dgram rpc/udp wait root /usr/sbin/tcpd /usr/sbin/rpc.rwalld
>
> Wow, thanks a lot!
I think this is interesting for you, too:
6.1 - Known wrapper limitations
-------------------------------
Many UDP (and rpc/udp) daemons linger around for a while after they
have serviced a request, just in case another request comes in. In the
inetd configuration file these daemons are registered with the `wait'
option. Only the request that started such a daemon will be seen by the
wrappers. Such daemons are better protected with the securelib shared
library (see: Related software).
The wrappers do not work with RPC services over TCP. These services are
registered as rpc/tcp in the inetd configuration file. The only non-
trivial service that is affected by this limitation is rexd, which is
used by the on(1) command. This is no great loss. On most systems,
rexd is less secure than a wildcard in /etc/hosts.equiv.
/usr/share/doc/libwrap0/README.gz
bye
Waldemar
--
* A good website for linuxsoftware: | (o_ *
* http://www.freshmeat.net | //\ *
* Linux rulez! ;-) | V_/_ *
* GnuPG-Key: 0xBE21BD90 | Tux: #155220 | ICQ: 64035650 *
Reply to: