
EndRun Sonoma D12 - Restrict Access - HTTPS

EndRun Sonoma D12
172 pages
Sonoma User Manual
Chapter Five: Security
This tells tcpd to deny access to in.telnetd, sshd and snmpd to all hosts not listed in the
/etc/hosts.allow file. The snmpd and sshd daemons also parse this file directly prior to granting
access to a requesting host.
Next you will be prompted to enter a list of hosts that will be granted access to in.telnetd, sshd
and snmpd. These appear in the /etc/hosts.allow file as lines like this:
in.telnetd: 192.168.1.2, 192.168.1.3
sshd: 192.168.1.2, 192.168.1.3
snmpd: 192.168.1.2, 192.168.1.3
This simple shell script handles the needs of most users. However, the syntax of these two files
supports elaborate configuration possibilities which are beyond the capabilities of the script.
Advanced users who need these capabilities will need to edit these two files directly and then copy
them to the /boot/etc directory. (See Appendix C - Helpful Linux Information, Using Editors.) Be
careful to maintain the proper ownership and access permissions by using cp -p when copying the
files.
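When the files are edited by hand, a mistyped address in /etc/hosts.allow leaves the intended host denied. The following check is an added example, not part of the Sonoma manual or its scripts; the function names and the sample input are constructed for illustration, and it handles only the simple "daemon: address list" form shown above.

```shell
#!/bin/sh
# Added example, not from the Sonoma manual. Checks only the simple
# "daemon: addr, addr" form; anything else is reported for a manual look.

# Succeeds only for a dotted quad with every octet in 0..255. The body is a
# subshell, so the IFS and globbing changes stay local.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    set -f; IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Reads hosts.allow text on stdin, prints one line per suspect entry and
# returns non-zero if any were found.
check_hosts_allow() (
    bad=0 n=0
    set -f
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        daemon=${line%%:*} hosts=${line#*:}
        if [ "$daemon" = "$line" ]; then
            echo "line $n: no 'daemon:' prefix"; bad=1; continue
        fi
        IFS=' ,'
        for host in $hosts; do
            is_ipv4 "$host" || { echo "line $n: $daemon: bad address: $host"; bad=1; }
        done
        unset IFS
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: the last address has a letter "l" where "1" belongs.
sample_hosts_allow() {
    cat <<'EOF'
in.telnetd: 192.168.1.2, 192.168.1.3
sshd: 192.168.1.2, 192.168.1.3
snmpd: 192.168.1.2, 192.l68.1.3
EOF
}
sample_hosts_allow | check_hosts_allow || echo "fix these before copying to /boot/etc"
```

To check the real file, run check_hosts_allow < /etc/hosts.allow before copying it to /boot/etc.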
Restrict Access - HTTPS
To control access via HTTPS, you must edit the /etc/httpd/httpd.conf file and add the equivalent deny
followed by allow directives. For example, the default file contains these lines:
<Directory />
AllowOverride none
Require all denied
</Directory>
To restrict access to a specific host, you would begin by modifying this directive as follows:
<Directory />
AllowOverride none
Require all granted
</Directory>
Next, the default file contains these lines that must be edited:
# Controls who can get stuff from this server.
#
Require all granted
To complete the configuration steps to restrict access and allow a specific host with IP address
xxx.xxx.xxx.xxx, you would modify the directives as follows:
# Controls who can get stuff from this server.
#
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
