Bug 1663556 - /etc/hosts.allow and /etc/hosts.deny files contain extremely inaccurate information
Summary: /etc/hosts.allow and /etc/hosts.deny files contain extremely inaccurate infor...
Keywords:
Status: MODIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: setup
Version: 8.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: 8.0
Assignee: Martin Osvald 🛹
QA Contact: BaseOS QE - Apps
Ioanna Gkioka
URL:
Whiteboard:
: 1683760 (view as bug list)
Depends On: 1681503
Blocks: 1596070 1679810 1690901
TreeView+ depends on / blocked
 
Reported: 2019-01-04 20:44 UTC by SHAURYA
Modified: 2019-07-24 07:22 UTC (History)
17 users (show)

Fixed In Version: setup-2.12.2-2.el8
Doc Type: Bug Fix
Doc Text:
.The `/etc/hosts.allow` and `/etc/hosts.deny` files no longer contain outdated references to removed `tcp_wrappers` Previously, the `/etc/hosts.allow` and `/etc/hosts.deny` files contained outdated information about the `tcp_wrappers` package. The files are removed in RHEL 8 as they are no longer needed for `tcp_wrappers` which is removed.
Clone Of:
: 1690901 (view as bug list)
Environment:
Last Closed:
Type: Bug
igkioka: needinfo-


Attachments (Terms of Use)

Description SHAURYA 2019-01-04 20:44:18 UTC
Description of problem:

The files /etc/hosts.allow and /etc/hosts.deny are still installed in RHEL 8, despite the tcp_wrappers package having been removed. These files now contain entirely inaccurate information about man pages and options (references to "man 5 hosts_options" and "man 5 hosts_access" fail on RHEL 8), and the "tcp_wrappers-enabled version of xinetd" no longer exists (the 'xinetd' package is still included, but no longer links to libwrap).

I expect to see correct information in these files, or they should not exist at all. An example of "correct information" in this case might be a reference to a specific systemd man page, or to the RHEL 8 documentation (on the web), with _specific_ information about how to convert hosts.allow rules to e.g. sshd configuration or an systemd configuration for the sshd service.

Version-Release number of selected component (if applicable):

setup-2.12.2-1.el8.noarch

How reproducible:

any RHEL 8 beta install

Steps to Reproduce:

100% of installed RHEL 8 systems (incorrect files included in the package "setup-2.12.2-1.el8.noarch".

What information can you provide around timeframes and the business impact?

We actually use tcp_wrappers extensively on our Linux hosts, as a cheap and simple backup to hardware firewalls and as a local (on-premises) filter for restricted-access hosts.  Reconfiguring 'sshd' on hundreds of hosts with different rule sets will be significant imposition on our time (assuming we can even achieve the same level of functionality at all with the application-layer configuration options).


Additional info:

Comment 14 Oneata Mircea Teodor 2019-03-20 12:44:24 UTC
This bug has been copied as 8.0.0 z-stream  bug # 1690901 and now must be
resolved in the current update release, set blocker flag.

Comment 19 Martin Osvald 🛹 2019-06-14 06:22:40 UTC
*** Bug 1683760 has been marked as a duplicate of this bug. ***

Comment 25 Jakub Jelen 2019-07-24 07:07:10 UTC
The current wording is very vague and does not give quite much any useful information, except for the filenames. And actually it is not even correct since these files were completely removed from RHEL8.

I would be for something along these lines:

> .The `/etc/hosts.allow` and `/etc/hosts.deny` files no longer contain outdated references to removed tcp_wrappers functionality

> Previously, the `/etc/hosts.allow` and `/etc/hosts.deny` files contained outdated information about tcp_wrappers. The files were removed in RHEL 8 as they are no longer needed for removed tcp_wrappers.


Note You need to log in before you can comment on or make changes to this bug.