NoteTo determine if a network service binary is linked against libwrap.a, type thefollowing command as the root user:ldd binary-name | grep libwrapReplace with the name of the network service binary.If a prompt is returned, then the network service is not linked against libwrap.a.1.1. Advantages of TCP WrappersTCP wrappers provide the following advantages over other network service control techniques:• Transparency to both the client host and the wrapped network service — Both the connectingclient and the wrapped network service are unaware that TCP wrappers are in use.Legitimate users are logged and connected to the requested service while connections frombanned clients fail.• Centralized management of multiple protocols — TCP wrappers operate separately from thenetwork services they protect, allowing many server applications to share a common set ofconfiguration files for simpler management.2. TCP Wrappers Configuration FilesTo determine if a client machine is allowed to connect to a service, TCP wrappers reference thefollowing two files, which are commonly referred to as hosts access files:• /etc/hosts.allow• /etc/hosts.denyWhen a client request is received by a TCP wrapped service, it takes the following basic steps:1. References /etc/hosts.allow. — The TCP wrapped service sequentially parses the/etc/hosts.allow file and applies the first rule specified for that service. If it finds amatching rule, it allows the connection. If not, it moves on to the next step.2. References /etc/hosts.deny. — The TCP wrapped service sequentially parses the/etc/hosts.deny file. If it finds a matching rule, it denies the connection. If not, access toChapter 17. TCP Wrappers and ...310
