Linux Security 101 : TCP wrappers
TCP wrappers oversee and control access to services that use the libwrap library.
We could check if a service is "wrapped" using the "ldd" command, which is a program that displays the shared libraries.
For example we see that the "sshd" services is "wrapped":
The TCP wrappers can control access to services using the below parameters:
- DNS names
- IP address
- Network address
- . . . . .
When the service is "wrapped" the request is forwarded to the wrapped service and if the service is managed by xinetd, the request is handed over to the xinetd service which in turns hands it over to the destination service.
The TCP wrapper configuration access files:
TCP wrappers use two access files:
-/etc/hosts.allow : is checked first, if the TCP wrapper doesn't find a match, it checks the "/etc/hosts.deny" file.
-/etc/hosts.deny : if the TCP wrapper finds a match the access to the service is denied.
If there are no rules that match our connection in either files, access is granted.
Below is the format of the access files:
Examples of access files:
Accepts connections to - sshd - from - 10.1.45.54 -
Accepts connections to - sshd - from the whole network - 10.1.45.0 -
Below are a couple more examples:
For logging purposes, we could use the Action field for example in the "/etc/hosts.deny" file when receiving a connection from the host - 10.1.45.54 -:
We could also use the Action field to start a new program when receiving the connection from the client - for example from the IP 10.1.45.54 shown below -:
We could use the below parameters to display extra information about the client, for example:
- %a : client IP address.
- %s : server information