hosts.allow / hosts.deny question
Results 1 to 6 of 6

Thread: hosts.allow / hosts.deny question

  1. #1
    Member
    Join Date
    Feb 2002
    Posts
    83

    hosts.allow / hosts.deny question

    Hey guys.
    I'm running RedHat 7.3 and I am trying to set up the hosts.allow/deny files in /etc. Here's what I have so far...

    hosts.deny:
    -this is blank because it auto blocks everything

    hosts.allow:
    ftpd, sshd: LOCAL, 10.194.30.245

    Now I want to set it so that hosts.allow also includes allowing everyone to access apache, but I dont know the acronym for it. www doesn't work, http-www doesn't work, and so on. Could anyone please enlighten me?

    Thanks.
    To be God is to be Root, if someone is erking you just type: rm -d /home/heathen

  2. #2

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Re: hosts.allow / hosts.deny question

    Originally posted here by Midridth
    Hey guys.
    I'm running RedHat 7.3 and I am trying to set up the hosts.allow/deny files in /etc. Here's what I have so far...

    hosts.deny:
    -this is blank because it auto blocks everything

    hosts.allow:
    ftpd, sshd: LOCAL, 10.194.30.245

    Now I want to set it so that hosts.allow also includes allowing everyone to access apache, but I dont know the acronym for it. www doesn't work, http-www doesn't work, and so on. Could anyone please enlighten me?

    Thanks.
    Umm. You may want to re-check that. Do a man on hosts.deny and hosts.allow. You're syntax is wrong and it will not work. You need to specify WHO you are allowing and WHO you are blocking. You also need to specify the service by it's inetd name or xinetd (in.telnetd, etc.).

    Man pages are wonderful. Use 'em.

    I found this site had a good example for their usage. It might help. http://www.itc.virginia.edu/unixsys/sec/hosts.html
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Member
    Join Date
    Feb 2002
    Posts
    83
    MsMittens: I did do a man on it and it did not come up with the information that I need. I agree, though, man pages ARE wonderful. Also I did use the correct syntax (I checked). The syntax is...

    service_name, service_name_2_optional: LOCAL/ALL/ip.addr.ess.here/whatever

    All that I need is the service name that you are supposed to use in the hosta.allow/deny files.

    Sevari: I tried httpd, doesn't work. :-\
    To be God is to be Root, if someone is erking you just type: rm -d /home/heathen

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Re: hosts.allow / hosts.deny question

    Originally posted here by Midridth
    Hey guys.
    I'm running RedHat 7.3 and I am trying to set up the hosts.allow/deny files in /etc. Here's what I have so far...

    hosts.deny:
    -this is blank because it auto blocks everything
    <*snip*>
    You're using RH 7.3 and you stated that leaving hosts.deny blank because it auto blocks everything. That's incorrect. You have to specify what it is to block. So, your hosts.deny should be:

    ALL: ALL

    Since it will try to match up hosts.allow first and then try to match up hosts.deny (like a firewall does in the way it reads the rules). Deny all should be your default last rule.

    As for the format that you are using, yes correct in general but you may not be using identd. 7.3 does use xinetd which means it could be in.httpd. Alternatively, httpd might work. What is apachectl calling (and are you using apache or are you using another web server?)?


    Network Security and Access Control HOWTO: http://www.tldp.org/HOWTO/Net-HOWTO/x810.html
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    str34m3r
    Guest
    Apache in it's default configuration doesn't use tcp wrappers, so you don't need to do anything to make the web server available to everyone. As for the rest, MsMittens is correct, your hosts.deny should say ALL:ALL so that the default action is to block incoming connections. Your hosts.allow should be something like this. The format you're using may work and be valid, but the recommended format is something like this:

    in.ftpd:LOCAL,10.194.30.245
    sshd:LOCAL,10.194.30.245

    Obviously it doesn't matter that much for two services, but when you get to production servers with larger tcpwrappers files, the recommended format allows for more flexibility and easier maintenance.

    Access to apache is controlled by .htaccess files in the individual directories and access control lists in the /etc/httpd/conf/httpd.conf file.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •