[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
Matthew Miller
mattdm at mattdm.org
Thu Mar 20 21:22:45 UTC 2014
On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote:
> Please don't remove it. Why this sudden idea in software circles that
> stuff that works properly needs to be removed for no reason whatsoever
> other than "it's old and we think nobody uses it". How do you know?.
Well, that's why I'm asking.
> IF IT AIN'T BROKEN, DON'T FIX IT. You might have heard of it.
Yes, I have heard of that.
But, are you actually using it? Do you need to?
There are real downsides to carrying unmaintained code forward.
Someone put forth the possibility of developing and maintaining a
maintaining a modern library implementing the same config files but with a
an updated codebase and better API, but no one has actually volunteered to
do that work. If you'd like to be that person, awesome.
> Fail2ban is one piece of software which interfaces with tcp wrappers.
> v0.9.0 just out
> http://www.fail2ban.org/wiki/index.php/Main_Page
Yes, and know for sure people use that -- I do, for example. But I use it to
manipulate IP tables, which is more secure and less fragile than the
hosts.deny action (it's always a bit scary when configuration files are
edited by a program!). Because it is actively maintained upstream, there's
even support for new things like firewalld.
On the other hand, people using unmaintained solutions like DenyHosts would
have to migrate.
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
More information about the CentOS
mailing list