TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:8688] mack address
>
> On Sep 28, 1999, Mark Dalton <mwd@sgi.com> wrote:
> >
> > But also it is good to do your own security if you put up a server
> > on the internet. Use /etc/hosts.allow to allow specific machines to
> > see specific daemons on your machine. Then also use /etc/hosts.deny
> > ALL : ALL
> > (or you can do something a little fancier).
>
> So if you put "ALL : ALL" in /etc/hosts.deny, and nothing in /etc/hosts.allow,
> is that enough? Any other weak points I should tighten down when the time
> comes? Should I prune down my /etc/inetd.conf, or will the hosts.deny
> cover that, too?
>
If nothing is in /etc/hosts.allow than nothing can access your machine.
If there is something specific you want to be accessable from all machines
or a specific domain or a specific machine, you can add that to /etc/hosts.allow.
sshd : [machine or IP address] <-- to allow ssh from a particular machine
in.telnetd : [machine or IP address] <-- to allow telnet from a machine
(and the password can be seen)
Mark
--
Mark Dalton CH3-S-CH2 H H O H
Silicon Graphics, Inc. | | | \ |
Eagan, MN 55121 CH2-C-COO //\ ---C--CH2-C-COO C-CH2-C-COO
mwd@sgi.com | | || || | // |
NH3 \\/ \ / CH NH3 O NH3
NH
My home page: http://www.cbc.umn.edu/~mwd/mwd.html
Cell Biology: http://www.cbc.umn.edu/~mwd/cell.html