Bug 157053 - Picky: Slightly more info in /etc/hosts.allow and /etc/hosts.deny
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: setup
Version: 4.0
Hardware: x86_64 Linux
Priority: medium, Severity: medium
Assigned To: Phil Knirsch
David Lawrence
Keywords: FutureFeature
Reported: 2005-05-06 10:32 EDT by David Tonhofer
Modified: 2015-03-04 20:14 EST (History)
Fixed In Version: RHBA-2008-0130
Doc Type: Enhancement
Last Closed: 2008-03-05 07:30:40 EST

Attachments:
this is the patch for setup in fedora devel (1.58 KB, patch)
2007-05-24 07:27 EDT, Tomas Janousek

Description David Tonhofer 2005-05-06 10:32:39 EDT
Description of problem:
Update the files /etc/hosts.allow and /etc/hosts.deny with additional hints:

Old:
====

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#

Better:
=======

#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#                 for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#

Old:
====

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

Better:
========

#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#                 for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
#



Version-Release number of selected component (if applicable):
tcp_wrappers-7.6-37.2

How reproducible:
Always

Steps to Reproduce:
n/a
  

Actual Results:  n/a

Expected Results:  n/a

Additional info:

n/a
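
Added example (not part of the original report or of the setup package): a simplified Python model of the lookup order described in hosts_access(5), showing that a policy split across hosts.allow and hosts.deny gives the same verdicts as one written only in hosts.allow with 'allow'/'deny' options, as the proposed hosts.deny header says. The function names and sample rules are constructed for illustration, and pattern matching is reduced to ALL, exact strings and trailing-dot address prefixes.

```python
# Added example: simplified model of tcp_wrappers rule evaluation.
# Handles only ALL, exact strings and "192.168.1."-style address prefixes.

def parse_rules(text):
    """Parse 'daemons : clients [: option ...]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        verdict = None
        for opt in fields[2:]:
            if opt.lower() in ("allow", "deny"):
                verdict = opt.lower()
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), verdict))
    return rules

def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix such as "192.168.1."
        return value.startswith(pattern)
    return pattern == value

def first_match(rules, daemon, client, default):
    """Verdict of the first matching rule, or None if nothing matches."""
    for daemons, clients, verdict in rules:
        if any(_match(d, daemon) for d in daemons) and \
           any(_match(c, client) for c in clients):
            return verdict or default
    return None

def check(allow_text, deny_text, daemon, client):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    return (first_match(parse_rules(allow_text), daemon, client, "allow")
            or first_match(parse_rules(deny_text), daemon, client, "deny")
            or "allow")

# Constructed sample rules: the same policy written two ways.
SPLIT_ALLOW = "sshd: 192.168.1.\n"
SPLIT_DENY = "ALL: ALL\n"
SINGLE_ALLOW = "sshd: 192.168.1. : allow\nALL: ALL : deny\n"
SINGLE_DENY = ""
```

With both files empty, check() returns "allow" for every connection, which is why a closing "ALL: ALL" deny rule matters in either layout.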
Comment 2 John Horne 2006-01-20 08:22:07 EST
Can I add that the hosts.deny file contains the comment line:

  # The portmap line is redundant, but it is left to remind you that

I have just installed RHEL4 (update 2) and the hosts.deny file contains no
portmap line at all. As such the comment line is confusing. My server has
portmap installed but not nfs, perhaps a portmap line is added only if nfs is
installed?



John.
Comment 5 Tomas Janousek 2007-05-24 07:25:29 EDT
Ouch. The files are not owned by tcp_wrappers at all. Reassigning, clearing
flags, etc. Sorry.
Comment 6 Tomas Janousek 2007-05-24 07:27:17 EDT
Created attachment 155333
this is the patch for setup in fedora devel

Here's the patch. I think it should go upstream first, though.
Comment 8 Phil Knirsch 2008-02-22 11:36:39 EST
Suggesting for RHEL-4.8, granting Devel ACK.

Read ya, Phil
Comment 9 Phil Knirsch 2008-02-22 12:05:26 EST
Still in RHEL-4.7 planning, so reflagging for RHEL-4.7

Read ya, Phil
Comment 10 RHEL Product and Program Management 2008-02-22 12:08:37 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 16 errata-xmlrpc 2008-03-05 07:30:40 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0130.html
