[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

Fri Mar 21 02:25:02 UTC 2014
zGreenfelder <zgreenfelder at gmail.com>

>
> What do you think? Do you rely on hosts.allow/hosts.deny a primary security
> mechanism? As defense-in-depth? Do you have policies which mandate it?
>
> Your feedback appreciated. Thanks!
>
>
> * and the standard caveats that Fedora doesn't necessarily determine the
> path for RHEL apply, of course.
>


I'll try to keep my response as free from whining and gnashing of
teeth as that seems to be well covered by many others.   where I work
uses it now, I've been at places that while I can't recall there being
a specific mandate for tcp wrappers, they had really stupid 'must
have' requirements (like root's home has to be mode 700.   which
while fine, good, great even on standard linux systems is less than
helpful on standard older releases of solaris where root has / as a
home dir), so I can imagine they could have that.    I like the notion
of keeping it around and having someone take over the maint work would
be great, but I can understand why it might be good to retire, and I'm
pretty sure I'd adapt (possibly moving to the route of building my own
from source if I -really- decided I had to have it, although life is
much easier when the libs are blown into the daemons directly)


-- 
Even the Magic 8 ball has an opinion on email clients: Outlook not so good.