Description of problem:
The files /etc/hosts.allow and /etc/hosts.deny are still installed in RHEL 8, despite the tcp_wrappers package having been removed. These files now contain entirely inaccurate information about man pages and options (references to "man 5 hosts_options" and "man 5 hosts_access" fail on RHEL 8), and the "tcp_wrappers-enabled version of xinetd" no longer exists (the 'xinetd' package is still included, but no longer links to libwrap).
I expect to see correct information in these files, or they should not exist at all. An example of "correct information" in this case might be a reference to a specific systemd man page, or to the RHEL 8 documentation (on the web), with _specific_ information about how to convert hosts.allow rules to e.g. sshd configuration or an systemd configuration for the sshd service.
Version-Release number of selected component (if applicable):
any RHEL 8 beta install
Steps to Reproduce:
100% of installed RHEL 8 systems (incorrect files included in the package "setup-2.12.2-1.el8.noarch".
What information can you provide around timeframes and the business impact?
We actually use tcp_wrappers extensively on our Linux hosts, as a cheap and simple backup to hardware firewalls and as a local (on-premises) filter for restricted-access hosts. Reconfiguring 'sshd' on hundreds of hosts with different rule sets will be significant imposition on our time (assuming we can even achieve the same level of functionality at all with the application-layer configuration options).
This bug has been copied as 8.0.0 z-stream bug # 1690901 and now must be
resolved in the current update release, set blocker flag.
*** Bug 1683760 has been marked as a duplicate of this bug. ***
The current wording is very vague and does not give quite much any useful information, except for the filenames. And actually it is not even correct since these files were completely removed from RHEL8.
I would be for something along these lines:
> .The `/etc/hosts.allow` and `/etc/hosts.deny` files no longer contain outdated references to removed tcp_wrappers functionality
> Previously, the `/etc/hosts.allow` and `/etc/hosts.deny` files contained outdated information about tcp_wrappers. The files were removed in RHEL 8 as they are no longer needed for removed tcp_wrappers.