[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

Thu Mar 20 20:05:17 UTC 2014
Matthew Miller <mattdm at mattdm.org>

On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote:
> > What do you think? Do you rely on hosts.allow/hosts.deny as a primary security
> > mechanism? As defense-in-depth? Do you have policies which mandate it?
> I currently use it in conjunction with denyhosts, but have been
> considering moving to something like sshguard with iptables instead.  If
> hosts.deny support disappeared then I would simply go that route when
> necessary.
> May I ask what the reason is for considering dropping tcp wrappers
> support?

I think the main reasons are: the upstream library hasn't actually been
maintained since June 2001. The API is somewhat ugly and crufty. Possibly also
one more place to check, making systems administration harder.

Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>