On 03/20/2014 12:48 PM, Matthew Miller wrote: > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would > you care strongly if it went away (or would you just migrate to something > else)? > > I bring this up because we are discussing dropping it from Fedora. This > would be far enough in the future that it wouldn't impact RHEL 7, and > therefore won't affect anyone here for Quite Some Time*, but here in the new > world order of CentOS, I thought it might be useful to check with some > actual downstream users. > > What do you think? Do you rely on hosts.allow/hosts.deny a primary security > mechanism? As defense-in-depth? Do you have policies which mandate it? > > Your feedback appreciated. Thanks! > > > * and the standard caveats that Fedora doesn't necessarily determine the > path for RHEL apply, of course. > > I use it in conjunction with other utilities... They modify the hosts.deny in response to log parsing. Please keep in mind, security in layers.