Controlling access to network services can be a challenge. Firewalls are
useful for controlling access in and out of a particular network, but they
can be difficult to configure. TCP wrappers and xinetd
control access to services by hostname and IP address, and both
also include logging and utilization management capabilities
that are easy to configure.
What Are TCP Wrappers?
The TCP wrappers package is installed by default with a server-class installation of
Red Hat Linux 8.0 and provides host-based access control for a variety of
services. Most modern network services, such as SSH, Telnet, and FTP,
make use of TCP wrappers, a program
designed to stand guard between an incoming request and the requested
service.
The idea behind TCP wrappers is that client requests to server
applications are "wrapped" by an access control layer that checks the
client's host against the rules in /etc/hosts.allow and /etc/hosts.deny,
allowing a greater degree of access control and logging for anyone attempting to
use the service. Note that TCP wrappers do not authenticate the user;
they decide only whether a given client host may reach a given service.
The functionality behind TCP wrappers is provided by
libwrap.a, a library that network services, such as
xinetd, sshd, and
portmap, are compiled against. Additional network
services, even networking programs you may write, can be compiled
against libwrap.a to provide this
functionality. Red Hat Linux bundles the necessary TCP wrapper programs and
library in the
tcp_wrappers-<version>
RPM file.
TCP Wrapper Advantages
When a client connects to a network service that
is using TCP wrappers, a small wrapper program logs the name of the
service requested and the client's host information and checks them
against the access control rules. The wrapper
program does not directly send any information back to the client, and
once the access control directives are satisfied, the wrapper is
unloaded and frees up its resources. The client and the server can
then proceed without further wrapper intervention.
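The access control decision described above is made from /etc/hosts.allow and /etc/hosts.deny. The following Python program is an added example, not tcp_wrappers code: it emulates the lookup libwrap's hosts_access() performs, using the common wildcards from hosts_access(5) (ALL, LOCAL, a leading-dot domain suffix, a trailing-dot address prefix, net/mask, and EXCEPT) and tcpd's evaluation order (first match in hosts.allow admits, otherwise first match in hosts.deny refuses, otherwise admit). The two rule files it embeds are constructed for illustration; the KNOWN/UNKNOWN/PARANOID wildcards, the extended option syntax and IPv6 patterns are left out.

```python
"""Emulation of the decision libwrap's hosts_access() makes from
/etc/hosts.allow and /etc/hosts.deny. Added example, not tcp_wrappers
source; the rule files below are constructed for illustration (IPv4 only)."""
import ipaddress

# Constructed sample rule files (assumed content, not a real host's files).
# Format: daemon_list : client_list   (an optional shell-command field is ignored)
HOSTS_ALLOW = """
# sshd from the office LAN, the 10.0/16 network and corp hosts, except one
sshd : 192.168.1. 10.0.0.0/255.255.0.0 .corp.example.com EXCEPT untrusted.corp.example.com
in.ftpd : LOCAL
portmap : 192.168.1.0/255.255.255.0
"""
HOSTS_DENY = """
ALL : ALL
"""


def _split_except(tokens):
    """'a b EXCEPT c' -> (['a', 'b'], ['c']); one level of EXCEPT."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return tokens[:i], tokens[i + 1:]
    return tokens, []


def parse_rules(text):
    """Return [(daemon_list, client_list)], each list as (include, exclude)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line; tcpdchk would report it
        rules.append((_split_except(fields[0].split()),
                      _split_except(fields[1].split())))
    return rules


def _client_matches(pattern, addr, host):
    """Host/address wildcards from hosts_access(5). `host` is lowercase."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                # any host name without a dot
        return "." not in host
    if pattern.startswith("."):           # domain suffix, e.g. .corp.example.com
        return host.endswith(pattern.lower())
    if pattern.endswith("."):             # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    if "/" in pattern:                    # net/mask, e.g. 10.0.0.0/255.255.0.0
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern.lower() == host or pattern == addr


def _list_matches(lst, match):
    """'a EXCEPT b' matches when a matches and b does not."""
    include, exclude = lst
    return any(match(p) for p in include) and not any(match(p) for p in exclude)


def _any_rule_matches(rules, daemon, addr, host):
    for daemons, clients in rules:
        if (_list_matches(daemons, lambda p: p == "ALL" or p == daemon)
                and _list_matches(clients, lambda p: _client_matches(p, addr, host))):
            return True
    return False


def hosts_access(daemon, addr, host, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """True if tcpd would admit the connection. `host` is the client's
    reverse-DNS name; pass the address itself when nothing resolves."""
    host = host.lower()
    if _any_rule_matches(parse_rules(allow), daemon, addr, host):
        return True
    if _any_rule_matches(parse_rules(deny), daemon, addr, host):
        return False
    return True  # neither file matched: tcpd admits by default


if __name__ == "__main__":
    for args in [("sshd", "192.168.1.42", "ws42.corp.example.com"),
                 ("sshd", "10.0.5.9", "untrusted.corp.example.com"),
                 ("sshd", "203.0.113.7", "203.0.113.7"),
                 ("in.ftpd", "192.168.1.7", "fileserver"),
                 ("in.telnetd", "192.168.1.7", "fileserver")]:
        print(args, "allow" if hosts_access(*args) else "deny")
```

On a real host, tcpdchk reports syntax problems in the two files and tcpdmatch (for example, tcpdmatch sshd 192.168.1.42) prints the verdict the actual libwrap would give; both tools ship in the tcp_wrappers package. Note how the EXCEPT clause lets a host inside an allowed network fall through to the ALL : ALL line in hosts.deny.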
TCP wrappers provide two basic advantages over other network service
control techniques:
The connecting client is unaware that TCP wrappers are
in use. — Legitimate users will not notice anything
different, and attackers never receive any additional information
about why their attempted connections have failed.
TCP wrappers operate separately from the applications
the wrapper program protects. — This allows many
server applications to share a common set of configuration files
for simpler management.
Two caveats apply. Only services linked against libwrap consult these
rules; a daemon that is not wrapped is unaffected by them. And rules
written against hostnames depend on the client's reverse DNS lookup, so
prefer address-based patterns where you do not control the client's DNS.