[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Configuring hosts.allow

Subject: [cobalt-security] Configuring hosts.allow
From: Craig <thebizworkers@xxxxxxxxx>
Date: Thu, 30 Aug 2001 21:26:14 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Can anyone please help me with the correct syntax with
the hosts.allow file? I've been reading all kinds of
information off the net regarding it's use (and from
the manual), but I'm not finding specific information
in regards to what I'm trying to do. It may be that
what I'm trying to do isn't possible with the file, so
I thought I'd ask.

In my hosts.deny file I've entered "ALL: ALL" to deny
access to everything. Then I wanted to allow specific
access (service and ISP) by means of the hosts.allow
file to specific domains housed on the server. I have
complied a list of which ISP's my customers use to
connect when FTPing to the server, and I wanted to
limit these connections (ISP's) to their specific
domain.

For example, 

- domainA and domainB are domains on the box.
- domainA uses earthlink.net to connect to FTP/POP3.
- domainB uses pacificbell.net to connect to these
services.

In my hosts.allow file I tried setting up the
following to only allow FTP/POP3 connections *from*
earthlink.net to "domainA". I was trying to keep just
anyone from an earthlink connection from having access
to any domain, except for the intended domain
(domainA).

in.proftpd : .earthlinl.net .domainA.com
in.qpopper : .earthlink.net .domainA.com

Then the same for domainB, using the information for
their ISP.

in.proftpd : .pacificbell.net .domainB.com
in.qpopper : .pacificbell.net .domainB.com

I thought this was the correct format, but I've
discovered that anyone coming in on earthlink.net can
connect to any domain on the system (domainA through
domainZ). The same for pacificbell.net or any other
ISP I have listed in the hosts.allow file.

Can someone tell me what's the proper syntax to limit
connections from a specific ISP, to a specific domain
on the system? Or is this not possible using the
hosts.allow file? Any help or suggestions would be
greatly appreciated. Thank you.

Barbara K


__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com

Prev by Date: Re: [cobalt-security] Lame Server messages
Next by Date: Re: [cobalt-security] SSH access when off at GUI ??
Previous by thread: [cobalt-security] Upgrade Process Confusion
Next by thread: [cobalt-security] RE: IPchains - How To

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index