What is TCP Wrapper?
TCP Wrapper is a host-based networking ACL (Access Control List) system. It is used to filter network access to Internet Protocol servers on UNIX-like operating systems such as CentOS, Ubuntu, RHEL, Fedora and Solaris. It allows host or subnetwork IP addresses and name query replies to be used as tokens on which to filter for access control purposes.
TCP Wrapper is generally used to restrict unauthorized access to Linux servers and network services. Some of the advantages of TCP Wrapper are listed below :
Which Services Can Be Controlled by TCP Wrapper :
On Linux-like operating systems, the TCP Wrapper packages tcp_wrappers and tcp_wrappers-libs are installed by default. We can only control network services that are compiled against the libwrap.a library. To determine whether a network service is linked to libwrap.a, type the command below as the root user:
# ldd <Absolute-Path-to-Service> | grep libwrap
Use the whereis command to determine the absolute path of the service, for example: # whereis sshd
root@nextstep4it:~# ldd /usr/sbin/sshd | grep libwrap
In the above example, we can see that the sshd service is compiled against the libwrap library, so we can control this service using TCP Wrapper. Other services that can be controlled by TCP Wrapper include /usr/sbin/sendmail and /usr/sbin/xinetd.
Configuration files of TCP Wrapper :
There are two configuration files of TCP Wrapper : /etc/hosts.allow & /etc/hosts.deny
Note : If the same client / IP is listed in both hosts.allow and hosts.deny, hosts.allow takes precedence and access is permitted. If the client is listed in hosts.allow, access is permitted. If the client is listed in hosts.deny, access is denied. If no rules for the service are found in either file, or if neither file exists, access to the service is granted.
Format or Syntax Used in Configuration Files :
<daemon list>: <client list> [: <option>: <option>: ...]
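The precedence note and the rule syntax above can be modelled in a few lines. The following is an added example, not code from the original page or from the tcp_wrappers project: a simplified IPv4-only evaluator in which the rule contents, the host name bastion.example.com and all function names are assumptions, and the client's host name is passed in rather than resolved.

```python
# Added example: simplified model of TCP Wrapper rule evaluation (IPv4 only).
# Rule contents below are constructed samples, not taken from the page.
HOSTS_ALLOW = """
# SSH only from the admin subnet and one named host
sshd: 192.168.1. , bastion.example.com
"""
HOSTS_DENY = """
sshd: ALL
"""

def parse(text):
    """Return [(daemons, clients)] from '<daemon list>: <client list>' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # trailing options are ignored
        tokens = lambda s: s.replace(",", " ").split()
        rules.append((tokens(daemons), tokens(clients)))
    return rules

def client_matches(pattern, ip, name):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # address prefix, e.g. 192.168.1.
        return ip.startswith(pattern)
    name = (name or "").lower()
    if pattern.startswith("."):    # domain suffix, e.g. .example.com
        return name.endswith(pattern.lower())
    return pattern == ip or pattern.lower() == name

def file_matches(text, daemon, ip, name):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, ip, name) for p in clients)
        for daemons, clients in parse(text)
    )

def decide(daemon, ip, name=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Apply the precedence from the note: allow file, then deny file, else grant."""
    if file_matches(allow, daemon, ip, name):
        return "allow (hosts.allow)"
    if file_matches(deny, daemon, ip, name):
        return "deny (hosts.deny)"
    return "allow (no matching rule)"

if __name__ == "__main__":
    print(decide("sshd", "192.168.1.20"), decide("sendmail", "203.0.113.7"))
```

With these sample rules, sendmail is reachable from any address because neither file mentions it. Adding ALL: ALL to hosts.deny turns the policy into default-deny for every libwrap-linked service.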
The most common wildcards used in TCP Wrapper configuration files are listed below :