Bug 157053 - Picky: Slightly more info in /etc/hosts.allow and /etc/hosts.deny
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: setup
Version: 4.0
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Phil Knirsch
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-05-06 14:32 UTC by David Tonhofer
Modified: 2015-03-05 01:14 UTC

Fixed In Version: RHBA-2008-0130
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-03-05 12:30:40 UTC
Target Upstream Version:
Embargoed:


Attachments
this is the patch for setup in fedora devel (1.58 KB, patch)
2007-05-24 11:27 UTC, Tomas Janousek


Links
System: Red Hat Product Errata
ID: RHBA-2008:0130
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: setup bug fix and enhancement update
Last Updated: 2008-07-23 21:57:38 UTC

Description David Tonhofer 2005-05-06 14:32:39 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.1) Gecko/20040707

Description of problem:
Update the files /etc/hosts.allow and /etc/hosts.deny with additional hints:

Old:
====

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#

Better:
=======

#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#                 for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#

Old:
====

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

Better:
========

#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#                 for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
#



Version-Release number of selected component (if applicable):
tcp_wrappers-7.6-37.2

How reproducible:
Always

Steps to Reproduce:
n/a
  

Actual Results:  n/a

Expected Results:  n/a

Additional info:

n/a
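
The proposed hosts.deny comment above says the same rules can be written in /etc/hosts.allow with a 'deny' option. The following is an added example, not part of the bug report or of tcp_wrappers: a simplified Python model of the hosts_access(5) lookup order that evaluates both layouts. It assumes IPv4 clients and only three client patterns; the rule text and function names are constructed for illustration.

```python
# Simplified model of the hosts_access(5) decision order plus the allow/deny
# rule options from hosts_options(5). Assumptions: IPv4 clients only, and
# only three client patterns (ALL, exact address, trailing-dot prefix).

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # not a daemon_list : client_list rule
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        last = fields[-1].lower()
        option = last if len(fields) > 2 and last in ("allow", "deny") else None
        rules.append((daemons, clients, option))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "192.0.2." matches every 192.0.2.x
        return addr.startswith(pattern)
    return pattern == addr

def first_match(rules, daemon, addr):
    for daemons, clients, option in rules:
        if (daemon in daemons or "ALL" in daemons) and \
           any(client_matches(c, addr) for c in clients):
            return option or "default"
    return None

def decide(allow_text, deny_text, daemon, addr):
    hit = first_match(parse_rules(allow_text), daemon, addr)
    if hit is not None:
        return hit != "deny"           # hosts.allow grants unless rule ends in deny
    hit = first_match(parse_rules(deny_text), daemon, addr)
    if hit is not None:
        return hit == "allow"          # hosts.deny refuses unless rule ends in allow
    return True                        # no rule matched: access is granted

# Constructed sample rules (documentation address ranges).
TWO_FILES = ("sshd: 192.0.2.10\n", "sshd: 192.0.2.\n")
ONE_FILE = ("sshd: 192.0.2.10 : allow\nsshd: 192.0.2. : deny\n", "")

def verdicts(files):
    return [decide(files[0], files[1], "sshd", a)
            for a in ("192.0.2.10", "192.0.2.99", "198.51.100.7")]
```

Both layouts give the same verdicts for the three sample clients, and the third client shows that an address matched by no rule in either file is granted access, so a default-deny policy needs an explicit catch-all rule.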

Comment 2 John Horne 2006-01-20 13:22:07 UTC
Can I add that the hosts.deny file contains the comment line:

  # The portmap line is redundant, but it is left to remind you that

I have just installed RHEL4 (update 2) and the hosts.deny file contains no
portmap line at all. As such the comment line is confusing. My server has
portmap installed but not nfs, perhaps a portmap line is added only if nfs is
installed?



John.

Comment 5 Tomas Janousek 2007-05-24 11:25:29 UTC
Ouch. The files are not owned by tcp_wrappers at all. Reassigning, clearing
flags, etc. Sorry.

Comment 6 Tomas Janousek 2007-05-24 11:27:17 UTC
Created attachment 155333
this is the patch for setup in fedora devel

Here's the patch. I think it should go upstream first, though.

Comment 8 Phil Knirsch 2008-02-22 16:36:39 UTC
Suggesting for RHEL-4.8, granting Devel ACK.

Read ya, Phil

Comment 9 Phil Knirsch 2008-02-22 17:05:26 UTC
Still in RHEL-4.7 planning, so reflagging for RHEL-4.7.

Read ya, Phil

Comment 10 RHEL Program Management 2008-02-22 17:08:37 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 16 errata-xmlrpc 2008-03-05 12:30:40 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0130.html


