|Summary:||Picky: Slightly more info in /etc/hosts.allow and /etc/hosts.deny|
|Product:||Red Hat Enterprise Linux 4||Reporter:||David Tonhofer <bughunt>|
|Component:||setup||Assignee:||Phil Knirsch <pknirsch>|
|Status:||CLOSED ERRATA||QA Contact:||David Lawrence <dkl>|
|Version:||4.0||CC:||john.horne, rvokal, shillman, tjanouse|
|Fixed In Version:||RHBA-2008-0130||Doc Type:||Enhancement|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-03-05 12:30:40 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description David Tonhofer 2005-05-06 14:32:39 UTC
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.1) Gecko/20040707 Description of problem: Update the files /etc/hosts.allow and /etc/hosts.deny with additional hints: Old: ==== # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # Better: ======= # # hosts.allow This file contains access rules which are used to # allow or deny connections to network services that # either use the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # Old: ==== # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! Better: ======== # # hosts.deny This file contains access rules which are used to # deny connections to network services that either use # the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # The rules in this file can also be set up in # /etc/hosts.allow with a 'deny' option instead. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! # Version-Release number of selected component (if applicable): tcp_wrappers-7.6-37.2 How reproducible: Always Steps to Reproduce: n/a Actual Results: n/a Expected Results: n/a Additional info: n/a
Comment 2 John Horne 2006-01-20 13:22:07 UTC
Can I add that the hosts.deny file contains the comment line: # The portmap line is redundant, but it is left to remind you that I have just installed RHEL4 (update 2) and the hosts.deny file contains no portmap line at all. As such the comment line is confusing. My server has portmap installed but not nfs, perhaps a portmap line is added only if nfs is installed? John.
Comment 5 Tomas Janousek 2007-05-24 11:25:29 UTC
Ouch. The files are not owned by tcp_wrappers at all. Reassigning, clearing flags, etc. Sorry.
Comment 6 Tomas Janousek 2007-05-24 11:27:17 UTC
Created attachment 155333 [details] this is the patch for setup in fedora devel Here's the patch. I think it should go upstream first, though.
Comment 8 Phil Knirsch 2008-02-22 16:36:39 UTC
Suggesting for RHEL-4.8, granting Devel ACK. Read ya, Phil
Comment 9 Phil Knirsch 2008-02-22 17:05:26 UTC
Still in RHEL-4.7 planing, so reflagging for RHEL-4.7 Read ya, Phil
Comment 10 RHEL Program Management 2008-02-22 17:08:37 UTC
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
Comment 16 errata-xmlrpc 2008-03-05 12:30:40 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0130.html