RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1663556 - /etc/hosts.allow and /etc/hosts.deny files contain extremely inaccurate information
Summary: /etc/hosts.allow and /etc/hosts.deny files contain extremely inaccurate infor...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: setup
Version: 8.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: 8.0
Assignee: Pavel Zhukov
QA Contact: qe-baseos-daemons
Ioanna Gkioka
URL:
Whiteboard:
: 1683760 (view as bug list)
Depends On: 1681503
Blocks: 1596070 1679810 1690901
TreeView+ depends on / blocked
 
Reported: 2019-01-04 20:44 UTC by SHAURYA
Modified: 2023-10-06 18:03 UTC (History)
20 users (show)

Fixed In Version: setup-2.12.2-2.el8
Doc Type: Bug Fix
Doc Text:
.The `/etc/hosts.allow` and `/etc/hosts.deny` files no longer contain outdated references to removed `tcp_wrappers` Previously, the `/etc/hosts.allow` and `/etc/hosts.deny` files contained outdated information about the `tcp_wrappers` package. The files are removed in RHEL 8 as they are no longer needed for `tcp_wrappers` which is removed.
Clone Of:
: 1690901 (view as bug list)
Environment:
Last Closed: 2020-05-07 15:36:43 UTC
Type: Bug
Target Upstream Version:
Embargoed:
igkioka: needinfo-


Attachments (Terms of Use)

Description SHAURYA 2019-01-04 20:44:18 UTC
Description of problem:

The files /etc/hosts.allow and /etc/hosts.deny are still installed in RHEL 8, despite the tcp_wrappers package having been removed. These files now contain entirely inaccurate information about man pages and options (references to "man 5 hosts_options" and "man 5 hosts_access" fail on RHEL 8), and the "tcp_wrappers-enabled version of xinetd" no longer exists (the 'xinetd' package is still included, but no longer links to libwrap).

I expect to see correct information in these files, or they should not exist at all. An example of "correct information" in this case might be a reference to a specific systemd man page, or to the RHEL 8 documentation (on the web), with _specific_ information about how to convert hosts.allow rules to e.g. sshd configuration or an systemd configuration for the sshd service.

Version-Release number of selected component (if applicable):

setup-2.12.2-1.el8.noarch

How reproducible:

any RHEL 8 beta install

Steps to Reproduce:

100% of installed RHEL 8 systems (incorrect files included in the package "setup-2.12.2-1.el8.noarch".

What information can you provide around timeframes and the business impact?

We actually use tcp_wrappers extensively on our Linux hosts, as a cheap and simple backup to hardware firewalls and as a local (on-premises) filter for restricted-access hosts.  Reconfiguring 'sshd' on hundreds of hosts with different rule sets will be significant imposition on our time (assuming we can even achieve the same level of functionality at all with the application-layer configuration options).


Additional info:

Comment 14 Oneata Mircea Teodor 2019-03-20 12:44:24 UTC
This bug has been copied as 8.0.0 z-stream  bug # 1690901 and now must be
resolved in the current update release, set blocker flag.

Comment 19 Martin Osvald 🛹 2019-06-14 06:22:40 UTC
*** Bug 1683760 has been marked as a duplicate of this bug. ***

Comment 25 Jakub Jelen 2019-07-24 07:07:10 UTC
The current wording is very vague and does not give quite much any useful information, except for the filenames. And actually it is not even correct since these files were completely removed from RHEL8.

I would be for something along these lines:

> .The `/etc/hosts.allow` and `/etc/hosts.deny` files no longer contain outdated references to removed tcp_wrappers functionality

> Previously, the `/etc/hosts.allow` and `/etc/hosts.deny` files contained outdated information about tcp_wrappers. The files were removed in RHEL 8 as they are no longer needed for removed tcp_wrappers.


Note You need to log in before you can comment on or make changes to this bug.