Debian 7.0 Wheezy - Access Control by TCP Wrapper : Server World

Debian 7.0

Get Debian 7.0
Install Debian
Initial Settings
- (1) Set Admin User
- (2) Set Command Alias
- (3) Networking
- (4) Services
- (5) Update System
- (6) Configure vim
- (7) Configure sudo
NTP Server
SSH Server
- (1) Password Authentication
- (2) Keys Authentication
- (3) SFTP
DNS Server
- (1) Install BIND
- (2) Set Zones
- (3) Check working
- (4) Set CNAME
- (5) Config as a Slave Server
DHCP Server
Virtualization
- (1) Install KVM
- (2) Create Virtual Macine #1
- (3) Create Virtual Macine #2
- (4) Operation
- (5) SPICE Server
- (6) SPICE Client
Storage Server
- (1) Configure iSCSI Target
- (2) Configure iSCSI Initiator
NFS Server
- (1) Configure NFS Server
- (2) Configure NFS Client
NIS Server
- (1) Configure NIS Server
- (2) Configure NIS Client
LDAP Server
- (1) Configure LDAP Server
- (2) Configure LDAP Client
WEB Server
- ( 1 ) Install Apache2
- ( 2 ) Use Perl Script
- ( 3 ) Use PHP Script
- ( 4 ) Use Ruby Script
- ( 5 ) Enable Userdir
- ( 6 ) Virtual Hostings
- ( 7 ) Configure SSL
- ( 8 ) Configure WebDAV
- ( 9 ) Enable suEXEC
- (10) Basic Auth + PAM
- (11) Basic Auth + LDAP
- (12) Log Analyzer - Visitors
- (13) Log Analyzer - AWstats
- (14) WebMail - SquirrelMail
- (15) WebMail - RoundCube
Database
- (1) Install MySQL
- (2) Operate from Web Browser
FTP Server
- (1) Install Vsftpd
- (2) Install ProFTPD
- (3) Install Pure-FTPd
- (4) FTP Client - WinSCP
- (5) Vsftpd over TLS/SSL
- (6) ProFTPD over TLS/SSL
- (7) Pure-FTPd over TLS/SSL
MAIL Server
- (1) Install/Configure Postfix
- (2) Install/Configure Dovecot
- (3) Configure Client
- (4) Configure SSL
- (5) Virtual Domains
- (6) Run with Clamav - ClamSMTP
- (7) Log Analyzer - pflogsumm
- (8) Log Analyzer - MailGraph
- (9) Log Analyzer - AWstats
Samba Server
- (1) Create Fully Accessed Directory
- (2) Create Limited Directory
- (3) Install SWAT
Proxy Server
- (1) Install Squid
- (2) Run with Clamav - SquidClamav
- (3) Run with SquidGuard
- (4) Configure as a Reverse Proxy
Desktop Env
- (1) GNOME Desktop Environment
- (2) KDE Desktop Environment
- (3) Cinnamon Desktop Environment
- (4) MATE Desktop Environment
- (5) Install VNC Server
Others
- Set Disk Quota
- Add Hard Drive
- Set Password Rules
- Set System Timezone
- Set KeyboardMap
- Set Hostname
- Create SSL Certificates
- ACL - Access Controls
- TCP Wrapper - Access Controls
- Lsync - Sync Files
- Rsync - Sync Files
- ChkrootKit - Detect RootKit
- Clamav - Anti-Virus

Sponsored Link

Access Control by TCP Wrapper

20131/06/05

	This is the example for Access Control by TCP Wrapper.
[1]	Install TCP Wrapper

root@dlp:~#

aptitude -y install tcpd

[2]	Make sure if a service can be under the TCP Wrapper control or not with the following command. If it includes a link to 'libwrap', it's possible.

root@dlp:~#

ldd /usr/sbin/sshd | grep wrap

libwrap.so.0 => /lib/x86_64-linux-gnu/libwrap.so.0 (0x00007f52c7576000)

# this service can be under TCP Wrapper control because it includes 'libwrap'

[3]	Access control by TCP Wrapper is done with '/etc/hosts.allow' and '/etc/hosts.deny'. The example below shows to set access control which allow to access to sshd from 10.0.0.0/24.

root@dlp:~#

vi /etc/hosts.deny

sshd: ALL

root@dlp:~#

vi /etc/hosts.allow

sshd: 10.0.0.

[4]	For the case to allow the access to vsftpd from 'host.example.domain'.

root@dlp:~#

vi /etc/hosts.deny

vsftpd: ALL

root@dlp:~#

vi /etc/hosts.allow

vsftpd: host.example.domain

[5]	For the case to allow access to all services that can be under TCP Wrapper control only from 'example.domain' and '10.0.1.0/24'.

root@dlp:~#

vi /etc/hosts.deny

ALL: ALL

root@dlp:~#

vi /etc/hosts.allow

ALL: .example.domain 10.0.1.