TCP Wrappers
In the previous article we introduced iptables, which is also an access control mechanism. Because iptables has so many parameters, it is difficult for beginners to master fully. Here we therefore introduce another, simpler access control mechanism: TCP Wrappers.
TCP Wrappers works primarily by parsing the TCP header information and matching it against the rules in /etc/hosts.allow and /etc/hosts.deny to determine which hosts can access system services or resources.
Although TCP Wrappers can filter TCP traffic, it cannot filter every TCP packet. Only services that are linked to the TCP Wrappers function library (this library is called libwrap.so) can use TCP Wrappers for packet filtering.
To see if a service is linked to the libwrap.so dynamic function library, use the following command:
ldd $(which service_name) or ldd `which service_name`
For example, to see if the sshd service is linked to the libwrap.so library, you can use the following command:
ldd $(which sshd) | grep libwrap
Some services are not linked to this dynamic function library, yet TCP Wrappers can still match and process their connections. The reason is that the TCP Wrappers function library is compiled directly into the service or program, so these services also support TCP Wrappers.
To see if the TCP Wrappers function library is compiled directly into a program, use the following command:
strings `which service_name` | grep hosts
If the following two lines appear, the TCP Wrappers function library is compiled directly into the program.
/etc/hosts.allow
/etc/hosts.deny
These are the two files that TCP Wrappers reads when matching rules, so their appearance in the output indicates that the service supports TCP Wrappers.
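The two checks above combined into one script, as an added example that is not part of the original article. The helper names `classify_wrap` and `check_service` are hypothetical, and the sample `ldd`/`strings` output is constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP Wrappers support for service binaries using the
# article's two checks (ldd for libwrap.so, strings for hosts.allow/hosts.deny).

# classify_wrap LDD_OUTPUT STRINGS_OUTPUT -> prints dynamic | static | none
classify_wrap() {
    if printf '%s\n' "$1" | grep -q 'libwrap\.so'; then
        echo dynamic      # libwrap.so is loaded at run time
    elif printf '%s\n' "$2" | grep -q '/etc/hosts\.allow' &&
         printf '%s\n' "$2" | grep -q '/etc/hosts\.deny'; then
        echo static       # both rule-file paths are embedded in the binary
    else
        echo none         # neither check matched; the rule files are not consulted
    fi
}

# check_service NAME -> prints "NAME: <result>" for a binary found in PATH
# (daemons such as sshd usually live in /usr/sbin, so run with sbin in PATH)
check_service() {
    bin=$(command -v "$1" 2>/dev/null) || { echo "$1: not found"; return 1; }
    ldd_out=$(ldd "$bin" 2>/dev/null)
    str_out=$(strings "$bin" 2>/dev/null | grep hosts)
    echo "$1: $(classify_wrap "$ldd_out" "$str_out")"
}

# Constructed sample outputs (not captured from a real host)
SAMPLE_LDD_DYNAMIC='    libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f0000000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
SAMPLE_LDD_PLAIN='    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
SAMPLE_STRINGS_STATIC='/etc/hosts.allow
/etc/hosts.deny'

# Usage: sh check_wrap.sh sshd vsftpd xinetd
for svc in "$@"; do
    check_service "$svc"
done
```

A result of `none` means rules written in /etc/hosts.allow or /etc/hosts.deny have no effect on that service, so its access control has to come from somewhere else, such as iptables.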
This article is from the "Linux Learning path" blog, so be sure to keep this source http://xslwahaha.blog.51cto.com/4738972/1571793