[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

Thu Mar 20 20:00:49 UTC 2014
John Jasen <jjasen at realityfailure.org>

Various government entities may use it extensively. I don't recall if
tcp_wrappers is in the USGCB baselines for RHEL, but I do believe its in
several CIS benchmarks.



On 03/20/2014 03:55 PM, Keith Keller wrote:
> On 2014-03-20, Matthew Miller <mattdm at mattdm.org> wrote:
>> What do you think? Do you rely on hosts.allow/hosts.deny a primary security
>> mechanism? As defense-in-depth? Do you have policies which mandate it?
> 
> I currently use it in conjunction with denyhosts, but have been
> considering moving to something like sshguard with iptables instead.  If
> hosts.deny support disappeared then I would simply go that route when
> necessary.
> 
> May I ask what the reason is for considering dropping tcp wrappers
> support?
> 
> --keith
> 


-- 
-- John Jasen (jjasen at realityfailure.org)
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring