Bug 67035

Summary: initial setup insecure - /etc/hosts.[allow,deny]
Product: [Retired] Red Hat Linux
Reporter: keith adamson <keith.adamson>
Component: tcp_wrappers
Assignee: Florian La Roche <laroche>
Status: CLOSED NOTABUG
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium    
Version: 7.3   
Hardware: i386   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2002-06-19 16:44:22 UTC

Description keith adamson 2002-06-19 16:44:15 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513

Description of problem:
initial setup insecure - /etc/hosts.[allow,deny]

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install Red Hat Linux

Actual Results:  Insecure setup

Expected Results:  Secure setup

Additional info:

I emailed rhn-feedback.com
concerning RHSA-2002:089-07 LPRng-3.7.4-23.1.alpha.rpm;

> Very good change (I've had to do manually)
>
> While you're at it you also may want to fix;
>     /etc/hosts.deny by adding;
>         ALL: ALL
>     /etc/hosts.allow by adding;
>         ALL: 127.0.0.1
> for a Workstation config.
>
> Reason is because you turn on portmap, xinetd, fam, nfslock for a
> Workstation config.
>
> You may also want to add to /etc/xinetd.d/sgi_fam
>     only_from   = 127.0.0.1
>
> BTW why is sendmail turned on for a Workstation config?
> I always have to turn it off manually after install.
>

Your response was;

> You can make comments on our packaging (bugs,
> omissions, dumb setup, feature requests, etc.) at
>
>   http://bugzilla.redhat.com/bugzilla
>
> Thank you,
> Dave Cook
> RHN Team

So here you go.
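
Added example (not part of the original report, and not tcp_wrappers code): a simplified model of the hosts_access(5) decision order, showing why files with no rules admit every client while the entries proposed above limit wrapped services to loopback. It handles only the `ALL` wildcard and exact names; the rule-free baseline files, the client address 192.0.2.10 and the assumption that portmap is built against tcp_wrappers are constructed for illustration.

```python
"""Simplified hosts_access(5) model: hosts.allow first, then hosts.deny, else grant."""

# Constructed sample files. BASELINE_* stand in for files that contain no rules.
BASELINE_ALLOW = "# hosts.allow: no rules\n"
BASELINE_DENY = "# hosts.deny: no rules\n"
# The entries proposed in the report for a Workstation install.
PROPOSED_ALLOW = "ALL: 127.0.0.1\n"
PROPOSED_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemons, clients)] for each 'daemon_list : client_list' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # Anything after a second colon (shell commands, options) is ignored here.
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def matches(rules, daemon, client):
    """True if any rule names the daemon (or ALL) and the client (or ALL)."""
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(c in ("ALL", client) for c in clients)
        for daemons, clients in rules
    )


def access(allow_text, deny_text, daemon, client):
    """Apply the documented order: allow match, then deny match, else grant."""
    if matches(parse_rules(allow_text), daemon, client):
        return "allow"
    if matches(parse_rules(deny_text), daemon, client):
        return "deny"
    return "allow"  # no rule matched in either file: access is granted


if __name__ == "__main__":
    for name, allow, deny in (("baseline", BASELINE_ALLOW, BASELINE_DENY),
                              ("proposed", PROPOSED_ALLOW, PROPOSED_DENY)):
        for client in ("127.0.0.1", "192.0.2.10"):
            print(name, "portmap", client, access(allow, deny, "portmap", client))
```
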

Comment 1 Florian La Roche 2002-06-21 17:18:46 UTC
I think we only should use ipchains to secure services via anaconda during
installation, but leave tcp_wrapper away from this.

greetings,

Florian La Roche