Date: Wed, 6 Aug 2003 18:03:15 +0100
From: "Schalk Erasmus" <schalk@home.incredible.com.na>
To: <freebsd-isp@freebsd.org>
Subject: FreeBSD - Secure by DEFAULT ?? [hosts.allow]
Message-ID: <006801c35c3c$a0ce65a0$0265de0a@Fujitsu>
References: <000a01c358d3$dcc94eb0$0265de0a@Fujitsu> <001501c358d4$eb701c90$0265de0a@Fujitsu>

Could someone assist me with this?

Regards
Schalk

----- Original Message -----
Sent: Saturday, August 02, 2003 10:03 AM
Subject: Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]

> I guess I also need to allow the other Services, in this order:
>
> sshd : myhomepc : allow
> exim : ALL : allow
> httpd : ALL : allow
> ftpd : ALL : allow
> ALL : ALL : deny
>
> Is this right?
>
> > # Start by allowing everything (this prevents the rest of the file
> > # from working, so remove it when you need protection).
> > # The rules here work on a "First match wins" basis.
> > ALL : ALL : allow
> >
> > # Wrapping sshd(8) is not normally a good idea, but if you
> > # need to do it, here's how
> > #sshd : .evil.cracker.example.com : deny
> >
> > Regards
> > Schalk Erasmus
> >
> >
>

----- Original Message -----
Sent: Saturday, August 02, 2003 9:55 AM
Subject: FreeBSD - Secure by DEFAULT ??

> Hi,
>
> I need to know what the implications are to make use of the hosts.allow file
> on a FreeBSD Production Server (ISP Setup)?
>
> The reason I'm asking, is that I've recently decommissioned a Linux SendMail
> Server to a FreeBSD Exim Server, but with no Firewall (IPTABLES) yet.
>
> Besides the fact that it only runs EXIM and Apache, is it necessary to
> Configure rc.Firewall? or can I only make use of the hosts.allow file?
>
> Currently I would only like to allow SSH access from my Home Network,
> instead of allowing the WORLD.
>
> I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but based
> on the new "Access Control File", it is all merged together in one file:
>
> #
> # hosts.allow access control file for "tcp wrapped" applications.
> # $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 dougb Exp $
> #
> # NOTE: The hosts.deny file is deprecated.
> # Place both 'allow' and 'deny' rules in the hosts.allow file.
> # See hosts_options(5) for the format of this file.
> # hosts_access(5) no longer fully applies.
>
> # Start by allowing everything (this prevents the rest of the file
> # from working, so remove it when you need protection).
> # The rules here work on a "First match wins" basis.
> ALL : ALL : allow
>
> # Wrapping sshd(8) is not normally a good idea, but if you
> # need to do it, here's how
> #sshd : .evil.cracker.example.com : deny
>
>
> Should I make the following changes to this file? (I'm afraid I might get
> kicked out)
>
> ALL : ALL : deny
> sshd : myhomepc.baboon.com : allow
>
>
> What kind of protection does FreeBSD need by Default? Since OpenBSD goes
> around saying: "SECURE BY DEFAULT" !?
>
>
> Just asking.....
>
> Regards
> Schalk Erasmus

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006801c35c3c$a0ce65a0$0265de0a>
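
Added example, not part of the original message and not FreeBSD's libwrap code: a simplified Python model of the "first match wins" evaluation described in the hosts.allow comments above, run against the rule orderings posted in this thread. It handles only ALL, exact host names and leading-dot domain suffixes. The function names and the client name other.example.net are constructed for illustration, and whether a given daemon consults hosts.allow at all is outside the model.

```python
# Simplified model of "first match wins" evaluation for hosts.allow rules of
# the form "daemon_list : client_list : allow|deny". Illustration only; this
# is not libwrap and covers just ALL, exact names and ".domain" suffixes.
# DEFAULT_FILE is the shipped sample with its sshd rule uncommented (constructed).
DEFAULT_FILE = """
ALL : ALL : allow
sshd : .evil.cracker.example.com : deny
"""
DENY_FIRST = """
ALL : ALL : deny
sshd : myhomepc.baboon.com : allow
"""
SERVICES_FIRST = """
sshd : myhomepc : allow
exim : ALL : allow
httpd : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny
"""

def parse_rules(text):
    """Return a list of (daemons, clients, action) tuples, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        daemons, clients, action = (f.strip() for f in line.split(":", 2))
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split(), action.lower()))
    return rules

def matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                   # domain suffix pattern
        return value.lower().endswith(pattern.lower())
    return pattern.lower() == value.lower()

def decide(text, daemon, client):
    """Return the action of the first rule matching daemon and client."""
    for daemons, clients, action in parse_rules(text):
        if any(matches(d, daemon) for d in daemons) and \
           any(matches(c, client) for c in clients):
            return action
    return "allow"    # no rule matched: tcp wrappers grant access

if __name__ == "__main__":
    print(decide(DENY_FIRST, "sshd", "myhomepc.baboon.com"))
```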