From owner-freebsd-security  Tue Feb  2 16:07:08 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA02913
          for freebsd-security-outgoing; Tue, 2 Feb 1999 16:07:08 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from emu.sourcee.com (emu.sourcee.com [205.181.251.129])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA02899
          for <freebsd-security@FreeBSD.ORG>; Tue, 2 Feb 1999 16:07:01 -0800 (PST)
          (envelope-from nrice@emu.sourcee.com)
Received: (from nrice@localhost)
	by emu.sourcee.com (8.9.1/8.9.1) id TAA17518;
	Tue, 2 Feb 1999 19:06:55 -0500 (EST)
Date: Tue, 2 Feb 1999 19:06:55 -0500
From: "Norman C. Rice" <nrice@emu.sourcee.com>
To: Binh Nguyen <Binh@asu.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: hosts.allow and deny!
Message-ID: <19990202190654.B16927@emu.sourcee.com>
References: <Pine.GSO.3.96.990202112911.8764A-100000@ai.asu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95i
In-Reply-To: <Pine.GSO.3.96.990202112911.8764A-100000@ai.asu.edu>; from Binh Nguyen on Tue, Feb 02, 1999 at 11:31:40AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Feb 02, 1999 at 11:31:40AM -0700, Binh Nguyen wrote:
> Hi!
> 	
> 	I want to ask a question.  Is there a way on Freebsd2.2.8 that I could
> implement the hosts.allow and hosts.deny, so no one could access my server
> without being addin the hosts.allow.

Just put "ALL: ALL" in /usr/local/etc/hosts.deny for a default policy
of denying everyone access to all wrapped services. Grant service access
by adding an appropriate entry in /usr/local/etc/hosts.allow.

> 	Also, is there a good admin tool for system security such ask monitors
> the system, or any tools that help on how to do hosts.allow and hosts.deny.

tcpdchk(8) will check your tcp_wrappers configuration. tcpdmatch(8) will
let you check how tcp_wrappers will respond to a specific request for 
service. `man 5 hosts_access' and `man 5 hosts_options' should provide 
you with more information on how to configure the access control files.

There are several security-related monitors in the ports, e.g., arpwatch,
smurflog, sniff, and sentry. You might also want to read the FreeBSD
Security How-To at 

  http://www.freebsd.org/~jkb/howto.html

-- 
Regards,
Norman C. Rice, Jr.


> 	Thanks
> 
> Binh Nguyen

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message