On 03/20/2014 12:48 PM, Matthew Miller wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would you care strongly if it went away (or would you just migrate to something else)?
I bring this up because we are discussing dropping it from Fedora. This would be far enough in the future that it wouldn't impact RHEL 7, and therefore won't affect anyone here for Quite Some Time*, but here in the new world order of CentOS, I thought it might be useful to check with some actual downstream users.
What do you think? Do you rely on hosts.allow/hosts.deny a primary security mechanism? As defense-in-depth? Do you have policies which mandate it?
Your feedback appreciated. Thanks!
- and the standard caveats that Fedora doesn't necessarily determine the
path for RHEL apply, of course.
I use it in conjunction with other utilities... They modify the hosts.deny in response to log parsing.
Please keep in mind, security in layers.