Sunday, 17 August 2014

TCP Wrappers

The Simple thing I can tell us all about TCP Wrappes is

 " TCP Wrappers are Host-Based Networking Access Control List (ACL) System & used to filter Network access to Internet.



For all services in Linux TCP wrappers cant be applicable by default and its possible if source of the service got compiled with libwrap.

To check whether given service is compatible or not with TCP Wrappers , do as

ldd  /path/to/service | grep libwrap.so

For example lets check sshd service having support or not.

ldd /var/sbin/sshd | grep libwrap.so

Now it will print some output like its there for sshd.

Similarly you can check for any other service you want.

Wild Card Entries:

ALL ,LOCAL, UNKNOWN,KNOWN.

1. To block all hosts from accessing all services remotely

# vi /etc/hosts.deny

ALL : ALL

It will drop all the connections.

2. Allow all except one domain

ALL : @support
ALL : .tech.com EXCEPT development.tech.com

3. Placing logs for unauthorized access

ALL: .developement.com : spawn /bin/echo %a from %h attempted to access %d >> /var/log/ssh.log:deny

4. Log with High priority

sshd: .tech.com severity emerg

5.Spawn with date

In this example I am using sshd service, you can use any if you want.

sshd: 192.168.1.2 : spwan /bin/echo `/bin/date` from %h >> /var/log/ssh.log : deny 

6. twist command is also same but it will send information to client. I didnt succeeded on using this. Give me time to research on this.



No comments:

Post a Comment