From owner-freebsd-security  Tue Feb  2 17:26:03 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA15137
          for freebsd-security-outgoing; Tue, 2 Feb 1999 17:26:03 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA15078
          for <security@freebsd.org>; Tue, 2 Feb 1999 17:25:56 -0800 (PST)
          (envelope-from mike@sentex.net)
Received: from ospf-wat.sentex.net (ospf-wat.sentex.net [209.167.248.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id UAA15624; Tue, 2 Feb 1999 20:25:43 -0500 (EST)
From: mike@sentex.net (Mike Tancsa)
To: Binh@asu.edu (Binh Nguyen)
Cc: security@FreeBSD.ORG
Subject: Re: hosts.allow and deny!
Date: Wed, 03 Feb 1999 01:32:25 GMT
Message-ID: <36b7a502.193777517@mail.sentex.net>
References: <MAILPine.GSO.3.96.990202112911.8764A-100000@ai.asu.edu>
In-Reply-To: <MAILPine.GSO.3.96.990202112911.8764A-100000@ai.asu.edu>
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2 Feb 1999 18:03:57 -0500, in sentex.lists.freebsd.misc you wrote:

>Hi!
>	
>	I want to ask a question.  Is there a way on Freebsd2.2.8 that I could
>implement the hosts.allow and hosts.deny, so no one could access my server
>without being addin the hosts.allow.
>	Also, is there a good admin tool for system security such ask monitors
>the system, or any tools that help on how to do hosts.allow and hosts.deny.
>	Thanks

There are a few tools like this in the /usr/ports/security tree. What you
are after is tcpwrappers.  
cd /usr/ports/security/tcp_wrapper
make install

Then edit /etc/inetd.conf

and change the telnet line to be 
telnet  stream  tcp     nowait  root    /usr/local/libexec/tcpd telnetd

Then in /usr/local/etc/hosts.deny
ALL:ALL 
In /usr/local/etc/hosts.allow
goodhost.com

If you add to /etc/syslog.conf
auth* and authpriv.*, you will see it logged to syslog.

You should also look into ipfw as well.


	---Mike

Mike Tancsa  (mdtancsa@sentex.net)		
Sentex Communications Corp,   		
Waterloo, Ontario, Canada

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message