On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote:
What do you think? Do you rely on hosts.allow/hosts.deny as a primary security mechanism? As defense-in-depth? Do you have policies which mandate it?
I currently use it in conjunction with denyhosts, but have been considering moving to something like sshguard with iptables instead. If hosts.deny support disappeared then I would simply go that route when necessary. May I ask what the reason is for considering dropping tcp wrappers support?
I think the main reasons are: the upstream library hasn't actually been maintained since June 2001. The API is somewhat ugly and crufty. Possibly also one more place to check, making systems administration harder.