Red Hat ENTERPRISE LINUX 3 Reference Manual
Also see for ENTERPRISE LINUX 3 - SECURITY GUIDE: Tuning guideInstallation guideInstallation guideInstallation guideManual
                                                                                                                                                                                                                                                                                                                                    | |
Contents
|
244 Chapter 16. TCP Wrappers and xinetd16.2.1.4. OperatorsAt present, access control rules accept one operator, EXCEPT. It can be used in both the daemon listand the client list of a rule.The EXCEPT operator allows specific exceptions to broader matches within the same rule.In the following example from a hosts.allow file, all example.com hosts are allowed to connectto all services except cracker.example.com:ALL: .example.com EXCEPT cracker.example.comIn the another example from a hosts.allow file, clients from the 192.168.0.x network can use allservices except for FTP:ALL EXCEPT vsftpd: 192.168.0.NoteOrganizationally, it is often easier to avoid using EXCEPT operators. This allows other administrators toquickly scan the appropriate files to see what hosts should are allowed or denied access to services,without having to sort through EXCEPT operators.16.2.2. Option FieldsIn addition to basic rules allowing and denying access, the Red Hat Enterprise Linux implementationof TCP wrappers supports extensions to the access control language through option fields. By usingoption fields within hosts access rules, administrators can accomplish a variety of tasks such as alteringlog behavior, consolidating access control, and launching shell commands.16.2.2.1. LoggingOption fields let administrators easily change the log facility and priority level for a rule by using theseverity directive.In the following example, connections to the SSH daemon from any host in the example.com domainare logged to the default authpriv syslog facility (because no facility value is specified) with apriority of emerg:sshd : .example.com : severity emergIt is also possible to specify a facility using the severity option. The following example logs anySSH connection attempts by hosts from the example.com domain to the local0 facility with apriority of alert:sshd : .example.com : severity local0.alert |
Related manuals for Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE
Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual
Red Hat ENTERPRISE LINUX 4 Manual
Red Hat ENTERPRISE LINUX 4 Manual
Red Hat ENTERPRISE LINUX 5.4 - SYSTEMTAP TAPSET Reference Manual
Red Hat LINUX 7.2 Reference Manual
Red Hat NETWORK 2.7 - ENTERPRISE Reference Manual
Red Hat ENTERPRISE LINUX 5.4 - SYSTEMTAP LANGUAGE Reference Manual
Red Hat ENTERPRISE LINUX 5.3 - RELEASE MANIFEST Manual
Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - USING AS Using Manual
This manual is suitable for:
manualsdatabase
Your AI-powered manual search engine