And, would you care strongly if it went away (or would you just
migrate to something else)?
I would care strongly as I use it at home to limit inbound ssh to just the
IP addresses of my work machine. Setting up IPtables is more complicated
which can be read as easier to get it wrong.
On Thu, 2014-03-20 at 15:48 -0400, Matthew Miller wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
A very late reply - yes we use it in conjunction with iptables (on
CentOS 5/6 and Fedora). Tcp_wrappers allows filtering based on DNS name,
which (as far as I am aware)
On 04/20/2014 06:48 PM, John Horne wrote:
On Thu, 2014-03-20 at 15:48 -0400, Matthew Miller wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
A very late reply - yes we use it in conjunction with iptables (on
CentOS 5/6 and Fedora). Tcp_wrappers allows filtering based on
On Sun, 2014-04-20 at 19:27 -0500, Jim Perrin wrote:
The problem here wouldn't be so much building it from source. You'd have
to rebuild everything that would make use of it as well. For example
sshd is linked against it. -
Why ?
If the guy wants to use TCP Wrappers with one other specific
On 2014-04-21, Always Learning cen...@u62.u22.net wrote:
On Sun, 2014-04-20 at 19:27 -0500, Jim Perrin wrote:
The problem here wouldn't be so much building it from source. You'd have
to rebuild everything that would make use of it as well. For example
sshd is linked against it. -
Why ?
As others have mentioned in this thread, yes I use it as part of
a defence in depth strategy, and it's a suitable tool for what
it is intended to do. I would not be happy with it going away,
especially if doing so broke various tools or introduced a
dependency on a non-base RPM.
Devin
On Thu, Mar 20, 2014 at 4:05 PM, Matthew Miller mat...@mattdm.org wrote:
On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote:
What do you think? Do you rely on hosts.allow/hosts.deny a primary
security
mechanism? As defense-in-depth? Do you have policies which mandate it?
I
On Mon, Mar 24, 2014 at 11:15:04AM -0400, Brian Mathis wrote:
P.S. Is this somehow related to your Next proposal and trying to make
Fedora exciting?
Is it working? Got a pretty good thread going here :)
But in seriousness, no.
However, me asking here _is_ related to one of the things I've
On Sat, Mar 22, 2014 at 2:05 PM, Always Learning cen...@u62.u22.net wrote:
Nothing is easier and simpler than
[any-section]
parameter1=value1
parameter2=value2
On Sat, 2014-03-22 at 18:24 +1300, Cliff Pratt wrote:
That text format is simple. Too simple. If you have multiple
On 03/21/2014 08:37 AM, James B. Byrne wrote:
Possibly because the machines are running programs written by humans that need
to understand what they think they have told the machine to do in order to
determine why it is not doing what they want it to?
At the risk of running further
On Sun, Mar 23, 2014 at 2:02 AM, Always Learning cen...@u62.u22.net wrote:
On Sat, Mar 22, 2014 at 2:05 PM, Always Learning cen...@u62.u22.net
wrote:
Nothing is easier and simpler than
[any-section]
parameter1=value1
parameter2=value2
On Sat, 2014-03-22 at 18:24 +1300,
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Matthew Miller
Sent: 20 March 2014 20:49
To: centos@centos.org
Subject: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny)
anymore?
Does anyone use tcp wrappers
On Thu, Mar 20, 2014 at 3:48 PM, Matthew Miller mat...@mattdm.org wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
you care strongly if it went away (or would you just migrate to something
else)?
I bring this up because we are discussing dropping it from
On Thu, March 20, 2014 17:34, Always Learning wrote:
Nothing remains static. Software evolves into usually superior products.
Sentimentally longing for the past hampers the introduction of new and
better replacements.
Yes. For example look how MicroSoft has improved Windows since XPsp3.;-^)
On Thu, March 20, 2014 18:52, Les Mikesell wrote:
xml isn't intended for humans - it is supposed to be parsed and
verified by machines. The bigger question is why the machines aren't
managing the config files themselves yet?
Possibly because the machines are running programs written by
On Fri, Mar 21, 2014 at 08:33:19AM -0400, James B. Byrne wrote:
On Thu, March 20, 2014 17:34, Always Learning wrote:
Nothing remains static. Software evolves into usually superior products.
Sentimentally longing for the past hampers the introduction of new and
better replacements.
On Fri, Mar 21, 2014 at 8:33 AM, James B. Byrne byrn...@harte-lyne.ca wrote:
On Thu, March 20, 2014 17:34, Always Learning wrote:
Nothing remains static. Software evolves into usually superior products.
Sentimentally longing for the past hampers the introduction of new and
better
On Fri, Mar 21, 2014 at 7:37 AM, James B. Byrne byrn...@harte-lyne.ca wrote:
On Thu, March 20, 2014 18:52, Les Mikesell wrote:
xml isn't intended for humans - it is supposed to be parsed and
verified by machines. The bigger question is why the machines aren't
managing the config files
Larry Martell wrote:
On Fri, Mar 21, 2014 at 8:33 AM, James B. Byrne byrn...@harte-lyne.ca
wrote:
On Thu, March 20, 2014 17:34, Always Learning wrote:
Nothing remains static. Software evolves into usually superior
products. Sentimentally longing for the past hampers the introduction
of new
On 03/20/2014 04:13 PM, Matthew Miller wrote:
On Thu, Mar 20, 2014 at 04:00:49PM -0400, John Jasen wrote:
Various government entities may use it extensively. I don't recall if
tcp_wrappers is in the USGCB baselines for RHEL, but I do believe it's in
several CIS benchmarks.
Good question. I
On 03/20/2014 06:23 PM, Les Mikesell wrote:
Not sure there's a one-to-one mapping or even a conceptual overlap in
what tcpwrappers and iptables do. Applications can be configured to
use different ports than someone setting up iptables might expect -
and how would you handle portmapper?
On Fri, Mar 21, 2014 at 09:29:01AM -0400, John Jasen wrote:
https://benchmarks.cisecurity.org/tools2/linux/CIS_RHEL5_Benchmark_v1.1.pdf
Also note, agencies or groups required to implement CIS or better who
maintain a mixed environment may also use tcp_wrappers on all their
platforms, as from a
On Thu, Mar 20, 2014 at 11:13 PM, Keith Keller
kkel...@wombat.san-francisco.ca.us wrote:
The technical problem is that there's no maintainer. Are you
volunteering (and capable)?
Then, for crying out loud... :) this discussion should have been started
with a different subject line:
Looking
On 20.03.2014 at 22:22, Matthew Miller mat...@mattdm.org wrote:
On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote:
Please don't remove it. Why this sudden idea in software circles that
stuff that works properly needs to be removed for no reason whatsoever
other than it's old
On Fri, Mar 21, 2014 at 8:58 AM, Fernando Cassia fcas...@gmail.com wrote:
The technical problem is that there's no maintainer. Are you
volunteering (and capable)?
Then, for crying out loud... :) this discussion should have been started
with a different subject line:
Looking for a new tcp
On Fri, 21 Mar 2014, Leon Fauster wrote:
it's just used in a multiple layer protection / security model.
Bingo! Same here. And it works well!
Well, I would say it's more scary when humans are editing configuration files
:-)
I can speak for nearly 20 years of experience on this, including
On 03/20/2014 12:48 PM, Matthew Miller wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
you care strongly if it went away (or would you just migrate to something
else)?
I bring this up because we are discussing dropping it from Fedora. This
would be far enough
On Fri, Mar 21, 2014, m.r...@5-cent.us wrote:
Larry Martell wrote:
On Fri, Mar 21, 2014 at 8:33 AM, James B. Byrne byrn...@harte-lyne.ca
wrote:
...
Yes. For example look how MicroSoft has improved Windows since
XPsp3.;-^)
I wouldn't know. I don't use it. I've been programming professionally
On Thu, Mar 20, 2014, Keith Keller wrote:
On 2014-03-21, Fernando Cassia fcas...@gmail.com wrote:
Interesting double negative. Implies that once the technical barriers are
removed, then it's OK to remove old features for change's sake. ;)
If, as Matthew says, the codebase hasn't been
On Fri, Mar 21, 2014 at 7:33 AM, James B. Byrne byrn...@harte-lyne.ca wrote:
Nothing remains static. Software evolves into usually superior products.
Sentimentally longing for the past hampers the introduction of new and
better replacements.
Yes. For example look how MicroSoft has improved
- Original Message -
| Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And,
| would
| you care strongly if it went away (or would you just migrate to
| something
| else)?
|
Yes, we do use TCP Wrappers. We also use IPTables, edge gateway firewalls,
VPNs and other tools.
On Fri, Mar 21, 2014 at 3:54 PM, James A. Peltier jpelt...@sfu.ca wrote:
I'd love to hear about the old and unmaintainable code. It's open
source code. If something's broken you can fix it right!?! That's the open
source mantra! Either provide a set of reasons why it should be removed
and
On Fri, 21 Mar 2014, Fernando Cassia wrote:
On Fri, Mar 21, 2014 at 3:54 PM, James A. Peltier jpelt...@sfu.ca wrote:
I'd love to hear about the old and unmaintainable code. It's open
source code. If something's broken you can fix it right!?! That's the open
source mantra! Either provide a
On Fri, Mar 21, 2014 at 1:54 PM, James A. Peltier jpelt...@sfu.ca wrote:
The case is being made to remove a tool that is considered to be legacy.
While it is understood that legacy = old/unmaintained/crap,
No, legacy = the foundation everything else builds on. Change it at
the risk of
On Fri, Mar 21, 2014 at 9:44 AM, Les Mikesell lesmikes...@gmail.com wrote:
Yes, but that reason is generally that someone changed the language
syntax underneath it instead of settling on simple working APIs.
What has actually stayed stable and backwards compatible over the
years other than
On Fri, 2014-03-21 at 08:33 -0400, James B. Byrne wrote:
On Thu, March 20, 2014 17:34, Always Learning wrote:
Nothing remains static. Software evolves into usually superior products.
Sentimentally longing for the past hampers the introduction of new and
better replacements.
Yes. For
On Fri, Mar 21, 2014 at 10:36 AM, Always Learning cen...@u62.u22.net wrote:
On Thu, 2014-03-20 at 17:18 -0400, m.r...@5-cent.us wrote:
On the other hand, what justifiable reason was there for the massively
increased complexity of grub2? And why do all configuration files
suddenly
On Thu, 2014-03-20 at 17:18 -0400, m.r...@5-cent.us wrote:
On the other hand, what justifiable reason was there for the massively
increased complexity of grub2? And why do all configuration files
suddenly *desperately* need to be xml?
On Fri, Mar 21, 2014 at 10:36 AM, Always Learning
Date: Thu, 20 Mar 2014 18:14:56 -0300
On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller mat...@mattdm.org wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
you care strongly if it went away (or would you just migrate to something
else)?
Please don't remove it.
On Sat, Mar 22, 2014 at 2:05 PM, Always Learning cen...@u62.u22.net wrote:
On Thu, 2014-03-20 at 17:18 -0400, m.r...@5-cent.us wrote:
On the other hand, what justifiable reason was there for the
massively
increased complexity of grub2? And why do all configuration files
suddenly
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
you care strongly if it went away (or would you just migrate to something
else)?
I bring this up because we are discussing dropping it from Fedora. This
would be far enough in the future that it wouldn't impact RHEL 7, and
On 2014-03-20, Matthew Miller mat...@mattdm.org wrote:
What do you think? Do you rely on hosts.allow/hosts.deny a primary security
mechanism? As defense-in-depth? Do you have policies which mandate it?
I currently use it in conjunction with denyhosts, but have been
considering moving to
Various government entities may use it extensively. I don't recall if
tcp_wrappers is in the USGCB baselines for RHEL, but I do believe it's in
several CIS benchmarks.
On 03/20/2014 03:55 PM, Keith Keller wrote:
On 2014-03-20, Matthew Miller mat...@mattdm.org wrote:
What do you think? Do you
On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote:
What do you think? Do you rely on hosts.allow/hosts.deny a primary security
mechanism? As defense-in-depth? Do you have policies which mandate it?
I currently use it in conjunction with denyhosts, but have been
considering moving
On Thu, Mar 20, 2014 at 04:00:49PM -0400, John Jasen wrote:
Various government entities may use it extensively. I don't recall if
tcp_wrappers is in the USGCB baselines for RHEL, but I do believe it's in
several CIS benchmarks.
Good question. I checked with both that and the DoD National
Matthew Miller wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And,
would you care strongly if it went away (or would you just migrate to
something else)?
I bring this up because we are discussing dropping it from Fedora. This
would be far enough in the future that it
On Thu, Mar 20, 2014 at 05:02:06PM -0400, m.r...@5-cent.us wrote:
mark awk, on the other hand, you'll get away from me when you pry
my cold, dead
We're definitely keeping awk. :)
--
Matthew Miller mat...@mattdm.org http://mattdm.org/
On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller mat...@mattdm.org wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
you care strongly if it went away (or would you just migrate to something
else)?
Please don't remove it. Why this sudden idea in software
Fernando Cassia wrote:
On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller mat...@mattdm.org wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And,
would you care strongly if it went away (or would you just migrate to
something else)?
Please don't remove it. Why this sudden
On 3/20/2014 2:18 PM, m.r...@5-cent.us wrote:
On the other hand, what justifiable reason was there for the massively
increased complexity of grub2? And why do all configuration files suddenly
*desperately* need to be xml?
Don't worry, in another year or 3, they'll all be JSON instead of XML.
On Thu, 2014-03-20 at 18:14 -0300, Fernando Cassia wrote:
On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller mat...@mattdm.org wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
Please don't remove it. Why this sudden idea in software circles that
stuff that works
On Thu, 2014-03-20 at 17:18 -0400, m.r...@5-cent.us wrote:
On the other hand, what justifiable reason was there for the massively
increased complexity of grub2? And why do all configuration files suddenly
*desperately* need to be xml?
Because misguided fools believe XML is wundervol and they
Matthew Miller wrote:
On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote:
snip
Fail2ban is one piece of software which interfaces with tcp wrappers.
v0.9.0 just out
http://www.fail2ban.org/wiki/index.php/Main_Page
Yes, and know for sure people use that -- I do, for example. But
John R Pierce wrote:
On 3/20/2014 2:18 PM, m.r...@5-cent.us wrote:
On the other hand, what justifiable reason was there for the massively
increased complexity of grub2? And why do all configuration files
suddenly *desperately* need to be xml?
Don't worry, in another year or 3, they'll all be
On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote:
Please don't remove it. Why this sudden idea in software circles that
stuff that works properly needs to be removed for no reason whatsoever
other than it's old and we think nobody uses it. How do you know?.
Well, that's why I'm
On Thu, Mar 20, 2014, Fernando Cassia wrote:
On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller mat...@mattdm.org wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
you care strongly if it went away (or would you just migrate to something
else)?
Please don't remove
On Thu, Mar 20, 2014 at 4:47 PM, m.r...@5-cent.us wrote:
Excerpt:
What happened to the vision in open source?
The idea that there ever was a unified vision for open source seems
like a utopian rewrite of history. At least outside of the BSD
project... Even the commercial side of unix was
On Thu, Mar 20, 2014 at 4:39 PM, m.r...@5-cent.us wrote:
Matthew Miller wrote:
On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote:
snip
Fail2ban is one piece of software which interfaces with tcp wrappers.
v0.9.0 just out
http://www.fail2ban.org/wiki/index.php/Main_Page
Yes,
On Thu, Mar 20, 2014 at 4:18 PM, m.r...@5-cent.us wrote:
And why do all configuration files suddenly
*desperately* need to be xml?
xml isn't intended for humans - it is supposed to be parsed and
verified by machines. The bigger question is why the machines aren't
managing the config files
On Thu, Mar 20, 2014 at 05:23:24PM -0500, Les Mikesell wrote:
Yup - that's what we do here, use fail2ban to manipulate iptables.
Not sure there's a one-to-one mapping or even a conceptual overlap in
what tcpwrappers and iptables do. Applications can be configured to
use different ports than
On Mar 20, 2014, at 3:48 PM, Matthew Miller mat...@mattdm.org wrote:
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
you care strongly if it went away (or would you just migrate to something
else)?
I bring this up because we are discussing dropping it from
On Thu, Mar 20, 2014 at 8:36 PM, Steven Tardy sjt5a...@gmail.com wrote:
Political reasons shouldn't prevent removing tcp wrappers, but some
technical reasons still exist.
Interesting double negative. Implies that once the technical barriers are
removed, then it's OK to remove old features for
On 2014-03-21, Fernando Cassia fcas...@gmail.com wrote:
Interesting double negative. Implies that once the technical barriers are
removed, then it's OK to remove old features for change's sake. ;)
If, as Matthew says, the codebase hasn't been maintained since 2001,
then we should have concerns
What do you think? Do you rely on hosts.allow/hosts.deny a primary security
mechanism? As defense-in-depth? Do you have policies which mandate it?
Your feedback appreciated. Thanks!
* and the standard caveats that Fedora doesn't necessarily determine the
path for RHEL apply, of course.