[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

Fri Mar 21 13:29:01 UTC 2014
John Jasen <jjasen at realityfailure.org>

On 03/20/2014 04:13 PM, Matthew Miller wrote:
> On Thu, Mar 20, 2014 at 04:00:49PM -0400, John Jasen wrote:
>> Various government entities may use it extensively. I don't recall if
>> tcp_wrappers is in the USGCB baselines for RHEL, but I do believe its in
>> several CIS benchmarks.
> 
> Good question. I checked with both that and the DoD National Checklist
> Program, and neither mention it. Also, unless I missed something else, the
> USGCB covers RHEL 5, so there won't be any impact there.
> 
> Are the CIS benchmarks something you could point me to?
> 

https://benchmarks.cisecurity.org/tools2/linux/CIS_RHEL5_Benchmark_v1.1.pdf

Also note, agencies or groups required to implement CIS or better who
maintain a mixed environment may also use tcp_wrappers on all their
platforms, as from a cursory glance, ever UNIX benchmark lists it.

I would recommend against dropping tcp wrappers.


-- 
-- John Jasen (jjasen at realityfailure.org)
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring