Hi there,

On 29.11.2017 at 06:34, Bryan Smith wrote:

> One thing I love about the LPIC-1 program is that it exposes
> candidates to _all_ common technologies on a system ... especially
> useful for troubleshooting.  I.e., if one can't figure out why a
> service isn't accessible, knowing _all_ the common places to look is
> very useful.

I question whether TCP wrappers are really commonly used today.
I do not question that they are available for some services.
I do not question that they are useful in some corner cases.

I'd say iptables, ACLs, capabilities, AppArmor, SELinux, cgroups are
much more commonly used than TCP wrappers. So candidates are much more
likely to be hit by one of these.

The most common service mentioned in this thread was ssh. But which
admin still implements TCP wrappers on sshd, if he knows the Match
keyword in sshd_config?

There is only one reason to me: because he did so 15 years ago.

> Alessandro Selli <[email protected]> wrote:
>> Say you change in.ftpd service
>> port to some non-standard one in its configuration file.
>> in.ftpd: 192.168.0.0/255.255.0.0 EXCEPT 192.168.1.0/255.255.255.0
>> in /etc/hosts.allow is still going to work,
>> iptables -I INPUT -i eth0 -p tcp --dport ftp -m conntrack --ctstate NEW -j REJECT
>> no longer will.

FTP is an example of a protocol that has lost importance. If this is
the best use case for TCP wrappers we come up with, we should remove it
from LPIC 1.

Here's some indication that on servers iptables is more commonly used
than TCP wrappers:

* No distro comes with TCP wrappers blocking some service by default,
other than iptables
* Ansible has an iptables module by default, TCP wrappers are in galaxy
* PuppetForge finds 4 modules tagged with 'tcpwrappers' - none of them
is supported by puppetlabs. And 22 modules tagged with 'iptables', one
of them the "official" puppetlabs module

So please, TCP wrappers users: where is the indication that TCP wrappers
kept their importance since they were introduced in LPIC 1 in 2001?
Linux has changed since!

Ingo


-- 
Linuxhotel GmbH, Geschäftsführer Dipl.-Ing. Ingo Wichmann
HRB 20463 Amtsgericht Essen, UStID DE 814 943 641
Antonienallee 1, 45279 Essen, Tel.: 0201 8536-600, http://www.linuxhotel.de