TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TCLUG:8688] mack address



> 
> On Sep 28, 1999, Mark Dalton <mwd@sgi.com> wrote:
> > 
> > But also it is good to do your own security if you put up a server
> > on the internet.  Use /etc/hosts.allow to allow specific machines to
> > see specific daemons on your machine. Then also use /etc/hosts.deny
> > 	ALL : ALL
> > 	(or you can do something a little fancier).
> 
> So if you put "ALL : ALL" in /etc/hosts.deny, and nothing in /etc/hosts.allow, 
> is that enough?  Any other weak points I should tighten down when the time
> comes?  Should I prune down my /etc/inetd.conf, or will the hosts.deny
> cover that, too?
> 

If nothing is in /etc/hosts.allow than nothing can access your machine.

If there is something specific you want to be accessable from all machines
or a specific domain or a specific machine, you can add that to /etc/hosts.allow.
	sshd : [machine or IP address]   <-- to allow ssh from a particular machine
  in.telnetd : [machine or IP address]   <-- to allow telnet from a machine
					     (and the password can be seen)

Mark
-- 
Mark Dalton       CH3-S-CH2 H                      H      O       H
Silicon Graphics, Inc.  |   |                      |       \      |
Eagan, MN 55121         CH2-C-COO    //\ ---C--CH2-C-COO    C-CH2-C-COO
mwd@sgi.com                 |       |  ||   ||     |       //     |
                            NH3      \\/ \ / CH    NH3    O       NH3
                                          NH
My home page: http://www.cbc.umn.edu/~mwd/mwd.html
Cell Biology: http://www.cbc.umn.edu/~mwd/cell.html