[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-developers] security, trusted ip addr, any pointers (raq4i)?

Subject: RE: [cobalt-developers] security, trusted ip addr, any pointers (raq4i)?
From: David Yates Buckley <yates@xxxxxxxxx>
Date: Sat Jun 16 03:10:00 2001
List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>

I believe .htaccess is used in reference to apache only. I am currently not
as worried about intrusion through apache, rather I am worried about
intrusion through other services. Someone sniffing admin during an ftp to
the root... or a foul password chosen by a user that lets someone get a
foot in there.

I went through some searches and am focusing on the function of the
hosts.allow and hosts.deny files.

As per man page:
/ The default policy (no access) is implemented with a trivial deny file:
/
/       /etc/hosts.deny:
/          ALL: ALL
/
/ This denies all service to all hosts, unless they are permitted access by
entries in the /allow file.
/
/       The explicitly authorized hosts are listed in the allow file.  For
example:
/
/       /etc/hosts.allow:
/          ALL: LOCAL @some_netgroup
/          ALL: .foobar.edu EXCEPT terminalserver.foobar.edu

However I am afraid that a setting such as above would make a major mess
with regards to some services such as dns etc...

Is anyone using hosts.allow and deny, could they share what kind of hosts I
need to "allow"?

Thank you!
Yates Buckley,
Technical Director,
Unit9 Ltd.

At 08:41 AM 6/16/01 -0400, you wrote:
>will .htaccess help?
>
>Pete
>
>-----Original Message-----
>From: cobalt-developers-admin@xxxxxxxxxxxxxxx
>[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of David Yates
>Buckley
>Sent: Wednesday, June 13, 2001 9:21 PM
>To: cobalt-developers@xxxxxxxxxxxxxxx
>Subject: [cobalt-developers] security, trusted ip addr, any pointers
>(raq4i)?
>
>
>Hello again,
>
>Could someone suggest where I should look to only allow ftp and ssh telnet
>services to connect from certain source addresses (on a raq4i).
>
>I am aware that this does not constitute a secure host, but it would add a
>filter to ridiculous passwords users choose sometimes.
>
>I am sure this is a faq, but I can't find it.
>
>Thank you!
>
>Yates Buckley,
>Technical Director, Unit9 Ltd.
>
>
>_______________________________________________
>cobalt-developers mailing list
>cobalt-developers@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
>_______________________________________________
>cobalt-developers mailing list
>cobalt-developers@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
>

References:
- [cobalt-developers] security, trusted ip addr, any pointers (raq4i)?
  - From: David Yates Buckley
- RE: [cobalt-developers] security, trusted ip addr, any pointers (raq4i)?
  - From: Pete Stulginskis

Prev by Date: Re: [cobalt-developers] Majordomo and Lyris
Next by Date: Re: [cobalt-developers] Majordomo
Previous by thread: RE: [cobalt-developers] security, trusted ip addr, any pointers (raq4i)?
Next by thread: [cobalt-developers] Java on Qube 3

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index