Red Hat Bugzilla – Bug 157053
Picky: Slightly more info in /etc/hosts.allow and /etc/hosts.deny
Last modified: 2015-03-04 20:14:52 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.1) Gecko/20040707 Description of problem: Update the files /etc/hosts.allow and /etc/hosts.deny with additional hints: Old: ==== # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # Better: ======= # # hosts.allow This file contains access rules which are used to # allow or deny connections to network services that # either use the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # Old: ==== # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! Better: ======== # # hosts.deny This file contains access rules which are used to # deny connections to network services that either use # the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # The rules in this file can also be set up in # /etc/hosts.allow with a 'deny' option instead. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! # Version-Release number of selected component (if applicable): tcp_wrappers-7.6-37.2 How reproducible: Always Steps to Reproduce: n/a Actual Results: n/a Expected Results: n/a Additional info: n/a
Can I add that the hosts.deny file contains the comment line: # The portmap line is redundant, but it is left to remind you that I have just installed RHEL4 (update 2) and the hosts.deny file contains no portmap line at all. As such the comment line is confusing. My server has portmap installed but not nfs, perhaps a portmap line is added only if nfs is installed? John.
Ouch. The files are not owned by tcp_wrappers at all. Reassigning, clearing flags, etc. Sorry.
Created attachment 155333 [details] this is the patch for setup in fedora devel Here's the patch. I think it should go upstream first, though.
Suggesting for RHEL-4.8, granting Devel ACK. Read ya, Phil
Still in RHEL-4.7 planing, so reflagging for RHEL-4.7 Read ya, Phil
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0130.html