[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] new openssl vulnerabilities

Subject: Re: [cobalt-users] new openssl vulnerabilities
From: Parker Morse <morse@xxxxxxxxxxx>
Date: Tue Jul 30 09:20:56 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Tuesday, July 30, 2002, at 11:57  AM, Network Operations wrote:

how would you used hosts.deny to block all access to port 22 except
from a list of specified ip's?

Or would hosts.deny even be what you want to use?

You could use hosts.deny with its (evil?) twin, hosts.allow. See "manhosts.allow" (or "man hosts.deny") for more details, but here's the keypart of the man page:


---begin excerpt---

The access control software consults two files. The search stops at thefirst match:

o Access will be granted when a (daemon,client) pair matches an entry inthe /etc/hosts.allow file.

o Otherwise, access will be denied when a (daemon,client) pair matchesan entry in the /etc/hosts.deny file.


o	Otherwise, access will be granted.

A non-existing access control file is treated as if it were an emptyfile. Thus, access control can be turned off by providing no accesscontrol files.


---end excerpt--

So I would try adding your specified IPs to hosts.allow, and then put theappropriate "deny all" rule in hosts.deny.

pjm

References:
- RE: [cobalt-users] new openssl vulnerabilities
  - From: Network Operations

Prev by Date: Re: [cobalt-users] Looking for a RAQ3 Software Archive
Next by Date: RE: [cobalt-users] new openssl vulnerabilities
Previous by thread: RE: [cobalt-users] new openssl vulnerabilities
Next by thread: RE: [cobalt-users] new openssl vulnerabilities

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index