Skip to Main Content
Linux Security Cookbook
book

Linux Security Cookbook

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
June 2003
Intermediate to advanced content levelIntermediate to advanced
336 pages
8h 54m
English
O'Reilly Media, Inc.
Content preview from Linux Security Cookbook

3.11. Restricting Access by Remote Hosts (inetd)

Problem

You want only particular remote hosts to access a TCP service via inetd .

Solution

Use tcpd, specifying rules in /etc/hosts.allow and/or /etc/hosts.deny. Here’s an example of wrapping the Telnet daemon, in.telnetd, to permit connections only from IP address 192.168.1.100 or the example.com domain. Add to /etc/hosts.allow:

in.telnetd : 192.168.1.100
in.telnetd : *.example.com
in.telnetd : ALL : DENY

Then modify the appropriate configuration files to substitute tcpd for your service, and restart inetd.

Discussion

The control files /etc/hosts.allow and /etc/hosts.deny define rules by which remote hosts may access local TCP services. The access control daemon tcpd processes the rules and determines whether or not to launch a given service.

First set up your access control rules in /etc/hosts.allow and/or /etc/hosts.deny. Then modify /etc/inetd.conf to invoke the service through tcpd:

               Old /etc/inetd.conf:
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd

New /etc/inetd.conf:
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.telnetd

Finally restart inetd so your changes take effect. [Recipe 3.4]

See Also

hosts.allow(5), tcpd(8), inetd.conf(5).

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux Administration Cookbook

Linux Administration Cookbook

Adam K. Dean

Publisher Resources

ISBN: 0596003919Errata Page