HI All, We remember, new SysAdmins, worked with legacy technology.
Is complicat Professional LPIC-X, not know trubleshooting hosts.allow, host.deny, etc. because are removed topic used on old release. Mi vision, LPIC not Certification to technology X ou OS Release, ex: RHCSA RHEL6, not valid RHCSA RHEL7. IPTABLES, is replaced with firewalld by default (RHEL7 and new SLES 15 ) But iptables, is used crucial, in LPIC-3-304, Cluster active/active, need iptables to create CLUSTER_IP, because "bucket request), keepalived, etc. iptables, need keep on LPI Program. https://www.suse.com/betaprogram/sle-beta/ 2017-11-29 7:30 GMT-02:00 Ortwin Ebhardt <[email protected]>: > Hi there, > I have to disagree with this one. From my experience, TCP wrappers are > still commonly used on many systems. (Well, this is of course my own > experience - so I may be wrong here.) There may be better ways, no doupt, > but this does not change the fact they are used. This does not indicate we > should ignore newer security features; but in my opinion, we should not > drop it (yet), as it still is importent to know. > > With best regards, > Ortwin > > > ------------------------------------------------------------ > ------------------------------ > Ortwin Ebhardt > > > Capricorn Consulting GmbH > An Krietes Park 6 > 28307 Bremen > > Telefon: +49 421 98981-642 > E-Mail: [email protected] > Internet: www.capricorn.de > Geschäftsführer: Thomas Bargfrede, Dipl.-Ing. Axel Buschmann, > Thomas von Massenbach, Thomas Heuermann > Registergericht: Amtsgericht Bremen, HRB 31421 > ------------------------------------------------------------ > ------------------------------ > Die Capricorn-News versorgen Sie mit aktuellen Informationen aus der > IT-Welt - Schauen Sie mal rein: www.capricorn.de *** In Kürze auch als > News-Abo verfügbar *** > -----Ursprüngliche Nachricht----- > Von: [email protected] [mailto:[email protected]] Im > Auftrag von Ingo Wichmann > Gesendet: Mittwoch, 29. November 2017 10:06 > An: This is the lpi-examdev mailing list. <[email protected]> > Betreff: Re: [lpi-examdev] LPIC-1 Exam 102 Objectives Discussion - TCP > Wrapper > > Hi there, > > Am 29.11.2017 um 06:34 schrieb Bryan Smith: > > > One thing I love about the LPIC-1 program is that it exposes > > candidates to _all_ common technologies on a system ... especially > > useful for troubleshooting. I.e., if one can't figure out why a > > service isn't accessible, knowing _all_ the common places to look is > > very useful. > > I question, whether tcp wrappers are really commonly used today. > I do not question, that they are available for some services. > I do not question, that they are useful in some corner cases. > > I'd say, iptables, ACL's, capabilities, AppArmor, SELinux, cgroups are > much more commonly used than TCP wrappers. So candidates are much more > likely to be hit by one of these. > > The most common service mentioned in this thread was ssh. But which admin > still implements TCP wrappers on sshd, if he knows the Match keyword in > sshd_config? > > There is only one reason to me: because he did so 15 years ago. > > > Alessandro Selli <[email protected]> wrote: > >> Say you change in.ftpd service > >> port to some non-standard one in it's configuration file. > >> in.ftpd: 192.168.0.0/255.255.0.0 EXCEPT 192.168.1.0/255.255.255.0 in > >> /etc/hosts.allow is still going to work, iptables -I INPUT -i eth0 -p > >> tcp --dport ftp -m conntrack --ctstate NEW -j REJECT no longer will. > > FTP is an example of a protocol, that has lost importance. If this is the > best use case for TCP wrappers we come up with, we should remove it from > LPIC 1. > > Here's some indication, that on servers iptables is more commonly used > than TCP wrappers: > > * No distro comes with TCP wrappers blocking some service by default, > other than iptables > * Ansible has an iptables module by default, TCP wrappers are in galaxy > * PuppetForge finds 4 modules tagged with 'tcpwrappers' - none of them is > supported by puppetlabs. And 22 modules tagged with 'iptables', one of them > the "official" puppetlabs module > > So please TCP wrappers users: where is the indication, that TCP wrappers > kept their importance since they have been introduced in LPIC 1 in 2001? > Linux has changed, since! > > Ingo > > > -- > Linuxhotel GmbH, Geschäftsführer Dipl.-Ing. Ingo Wichmann HRB 20463 > Amtsgericht Essen, UStID DE 814 943 641 Antonienallee 1, 45279 Essen, Tel.: > 0201 8536-600, http://www.linuxhotel.de ______________________________ > _________________ > lpi-examdev mailing list > [email protected] > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev > > > _______________________________________________ > lpi-examdev mailing list > [email protected] > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev > -- -- Alex [email protected][email protected] Analista Linux, Unix, Virtualização e Middleware Instrutor Linux e Open Source ----------------------------- AWS Technical Professional Azure Datacenter in Cloud Platform for Technical CompTIA Linux+ Powered by LPI SUSE 11 Certified Linux Administrator SUSE 11 Technical Specialist LPIC-1 Certified Linux Administrator LPIC-2 Certified Linux Engineer
_______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
