LPI 102-500 Exam - Topic 7 Question 110 Discussion

The /etc/hosts.allow file contains a set of rules that specify which services and hosts are allowed to connect to the server by going through a TCP Wrapper program such as tcpd. TCP Wrappers are a security mechanism that can filter incoming requests based on the source address, destination address, and service name. TCP Wrappers can also perform logging, redirection, and execution of commands based on the rules.

The /etc/hosts.allow file has the following format:

service_list : host_list [ : option_list ]

The service_list is a comma-separated list of service names, such as sshd, telnet, or ftp. The host_list is a comma-separated list of host names, IP addresses, or network masks that are allowed to access the services. The option_list is an optional list of keywords that can modify the behavior of the rule, such as twist, spawn, deny, or allow.

For example, the following rule in /etc/hosts.allow allows ssh access from any host in the 192.168.1.0/24 network, and logs the connection attempt:

sshd : 192.168.1.0/255.255.255.0 : spawn /bin/echo %a from %h attempted to access %d >> /var/log/sshd.log

The /etc/hosts.allow file is processed before the /etc/hosts.deny file, which contains the rules for denying access to the server. If a request matches a rule in /etc/hosts.allow, it is granted access and the processing stops. If it does not match any rule in /etc/hosts.allow, it is checked against the rules in /etc/hosts.deny. If it matches a rule in /etc/hosts.deny, it is denied access and the processing stops. If it does not match any rule in either file, it is granted access by default.

LPI 102-500 Exam Objectives, Topic 110.3: Implement host security

LPI 102-500 Study Guide, Chapter 10: Securing Your System, Section 10.3: TCP Wrappers

hosts.allow man page