tcpd (TCP Wrappers) is frequently used to monitor and control access to the services listed in /etc/inetd.conf. The in.ftpd service, for example, might be wrapped with the following inetd.conf entry:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -L -i -o
Before the wrapped daemon is spawned, tcpd first determines whether the source host is permitted. Connection attempts are logged through syslogd. All services should be disabled by default in /etc/hosts.deny using the following entry:
ALL: ALL
To also e-mail the admin and report the failed connection attempt:
ALL: ALL: /bin/mail -s "%s connection attempt from %c" admin@mydom.com
Enable specific services in /etc/hosts.allow using the service name followed by the host:
sshd: magneto.mydom.com, juggernaut.mydom.com
in.ftpd: 192.168.1.
A trailing period (as in 192.168.1.) matches every host in that network. Use tcpdchk to verify your access files. A syslog entry will be created for failed attempts. Access control is performed in the following order:
• Access will be granted when a daemon/client pair matches an entry in the /etc/hosts.allow file.
• Otherwise, access will be denied when a daemon/client pair matches an entry in the /etc/hosts.deny file.
• Otherwise, access will be granted.
A non-existent access control file is treated as if it were an empty file. Thus, access control is effectively turned off if no access control files are present!
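The three-step decision order above, and the missing-file pitfall, as an added example that is not tcpd's own code: a small model of hosts_access evaluation that supports only the ALL wildcard and trailing-period network prefixes (real tcpd accepts many more pattern forms). The hosts.allow and hosts.deny contents are constructed from the entries on this page; None stands for a file that does not exist.

```python
# Added example (not tcpd's own code): a minimal model of the TCP Wrappers
# decision order -- hosts.allow, then hosts.deny, then default allow --
# with the ALL wildcard and trailing-period network prefixes only.
# Constructed sample files; None stands for a non-existent file.
HOSTS_ALLOW = """
sshd: magneto.mydom.com, juggernaut.mydom.com
in.ftpd: 192.168.1.
"""
HOSTS_DENY = 'ALL: ALL: /bin/mail -s "%s connection attempt from %c" admin@mydom.com'

def parse_access_file(text):
    """Turn 'daemon_list : client_list [: shell_command]' lines into
    (daemon patterns, client patterns) pairs; the command field is ignored."""
    rules = []
    if text is None:               # missing file behaves like an empty file
        return rules
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:        # malformed; tcpd would log and skip it
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def token_matches(pattern, value):
    """ALL matches anything; 'a.b.c.' matches every host in that network."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return value.startswith(pattern)
    return pattern == value

def rules_match(rules, daemon, client):
    return any(any(token_matches(d, daemon) for d in ds)
               and any(token_matches(c, client) for c in cs)
               for ds, cs in rules)

def hosts_access(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """True if tcpd would grant this daemon/client pair access."""
    if rules_match(parse_access_file(allow_text), daemon, client):
        return True                # 1. matched hosts.allow: grant
    if rules_match(parse_access_file(deny_text), daemon, client):
        return False               # 2. matched hosts.deny: deny
    return True                    # 3. matched neither: grant (the pitfall)
```

Calling hosts_access("in.ftpd", "192.168.2.77", deny_text=None) returns True, which is exactly the silent open-access state that a missing /etc/hosts.deny produces.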