[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

Bruce Ferrell bferrell at baywinds.org
Fri Mar 21 15:13:21 UTC 2014


On 03/20/2014 12:48 PM, Matthew Miller wrote:
> Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
> you care strongly if it went away (or would you just migrate to something
> else)?
>
> I bring this up because we are discussing dropping it from Fedora. This
> would be far enough in the future that it wouldn't impact RHEL 7, and
> therefore won't affect anyone here for Quite Some Time*, but here in the new
> world order of CentOS, I thought it might be useful to check with some
> actual downstream users.
>
> What do you think? Do you rely on hosts.allow/hosts.deny a primary security
> mechanism? As defense-in-depth? Do you have policies which mandate it?
>
> Your feedback appreciated. Thanks!
>
>
> * and the standard caveats that Fedora doesn't necessarily determine the
> path for RHEL apply, of course.
>
>
I use it in conjunction with other utilities... They modify the hosts.deny in response to log parsing.

Please keep in mind, security in layers.



More information about the CentOS mailing list