Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 26 Aug 2005 11:40:43 +1000
From:      freebsd-questions@auscert.org.au
To:        freebsd-questions@freebsd.org
Cc:        "albi@scii.nl" <albi@scii.nl>
Subject:   Re: Illegal access attempt - FreeBSD 5.4 Release - please advise 
Message-ID:  <200508260140.j7Q1ehvA013284@app.auscert.org.au>
In-Reply-To: Your message of "Fri, 26 Aug 2005 00:48:11 %2B0200." <20050826004811.7d730f7c.albi@scii.nl> 

next in thread | previous in thread | raw e-mail | index | archive | help
> On Fri, 26 Aug 2005 00:24:48 +0200
> Maarten Sanders <maarfree@xs4all.nl> wrote:
> 
> > Nice suggestion, but how do I enable tcp_wrappers with sshd?
> 
> from
> http://lists.freebsd.org/pipermail/freebsd-security/2004-September/002351.htm
> l
> 
> in /usr/src/crypto/openssh/config.h
> find the line :
> /* Define if you want TCP Wrappers support */
> enable it, rebuild etc.

This is the default, so no need to rebuild - you just have to tighten up
your /etc/hosts.allow.  Instead of the default:

	ALL : ALL : allow

try (eg if you have a host 192.168.1.1):

	sshd : 192.168.1.1 : allow
	ALL : ALL : deny

joel



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508260140.j7Q1ehvA013284>