Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-04-22 Thread Styma, Robert E (Robert)
> >> And, would you care strongly if it went away (or would you just > >> migrate to something else)? > >> I would care strongly as I use it at home to limit inbound ssh to just the IP addresses of my work machine. Setting up IPtables is more complicated which can be read as "easier to get it wr

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-04-20 Thread Keith Keller
On 2014-04-21, Always Learning wrote: > > On Sun, 2014-04-20 at 19:27 -0500, Jim Perrin wrote: > >> The problem here wouldn't be so much building it from source. You'd have >> to rebuild everything that would make use of it as well. For example >> sshd is linked against it. -> > > Why ? > > If the

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-04-20 Thread Always Learning
On Sun, 2014-04-20 at 19:27 -0500, Jim Perrin wrote: > The problem here wouldn't be so much building it from source. You'd have > to rebuild everything that would make use of it as well. For example > sshd is linked against it. -> Why ? If the guy wants to use TCP Wrappers with one other specif

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-04-20 Thread Jim Perrin
On 04/20/2014 06:48 PM, John Horne wrote: > On Thu, 2014-03-20 at 15:48 -0400, Matthew Miller wrote: >> Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? >> > A very late reply - yes we use it in conjunction with iptables (on > CentOS 5/6 and Fedora). Tcp_wrappers allows filtering ba

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-04-20 Thread John Horne
On Thu, 2014-03-20 at 15:48 -0400, Matthew Miller wrote: > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? > A very late reply - yes we use it in conjunction with iptables (on CentOS 5/6 and Fedora). Tcp_wrappers allows filtering based on DNS name, which (as far as I am aware) iptabl

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-25 Thread Devin Reade
As others have mentioned in this thread, yes I use it as part of a defence in depth strategy, and it's a suitable tool for what it is intended to do. I would not be happy with it going away, especially if doing so broke various tools or introduced a dependency on a non-base RPM. Devin

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-24 Thread Matthew Miller
On Mon, Mar 24, 2014 at 11:15:04AM -0400, Brian Mathis wrote: > P.S. Is this somehow related to your Next proposal and trying to make > Fedora "exciting"? Is it working? Got a pretty good thread going here :) But in seriousness, no. However, me asking here _is_ related to one of the things I

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-24 Thread Brian Mathis
On Thu, Mar 20, 2014 at 4:05 PM, Matthew Miller wrote: > On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote: > > > What do you think? Do you rely on hosts.allow/hosts.deny a primary > security > > > mechanism? As defense-in-depth? Do you have policies which mandate it? > > I currently u

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-22 Thread Cliff Pratt
On Sun, Mar 23, 2014 at 2:02 AM, Always Learning wrote: > > > On Sat, Mar 22, 2014 at 2:05 PM, Always Learning > wrote: > > > > > Nothing is easier and simpler than > > > > > > [any-section] > > > parameter1=value1 > > > parameter2=value2 > > On Sat, 2014-03-22 at 18:24 +1300, Cliff Pratt wrote:

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-22 Thread Lamar Owen
On 03/21/2014 08:37 AM, James B. Byrne wrote: > > Possibly because the machines are running programs written by humans that need > to understand what they think they have told the machine to do in order to > determine why it is not doing what they want it to? > At the risk of running further off-to

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-22 Thread Always Learning
> On Sat, Mar 22, 2014 at 2:05 PM, Always Learning wrote: > > > Nothing is easier and simpler than > > > > [any-section] > > parameter1=value1 > > parameter2=value2 On Sat, 2014-03-22 at 18:24 +1300, Cliff Pratt wrote: > That text format is simple. Too simple. If you have multiple similar > su

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Cliff Pratt
On Sat, Mar 22, 2014 at 2:05 PM, Always Learning wrote: > > On Thu, 2014-03-20 at 17:18 -0400, m.r...@5-cent.us wrote: > > > > > On the other hand, what justifiable reason was there for the > massively > > > > increased complexity of grub2? And why do all configuration files > > > > suddenly *des

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Gregory P. Ennis
Date: Thu, 20 Mar 2014 18:14:56 -0300 On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller wrote: > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would > you care strongly if it went away (or would you just migrate to something > else)? > Please don't remove it. Why this sudde

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Always Learning
On Thu, 2014-03-20 at 17:18 -0400, m.r...@5-cent.us wrote: > > > On the other hand, what justifiable reason was there for the massively > > > increased complexity of grub2? And why do all configuration files > > > suddenly *desperately* need to be xml? On Fri, Mar 21, 2014 at 10:36 AM, Always Le

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Cliff Pratt
On Fri, Mar 21, 2014 at 10:36 AM, Always Learning wrote: > > On Thu, 2014-03-20 at 17:18 -0400, m.r...@5-cent.us wrote: > > > On the other hand, what justifiable reason was there for the massively > > increased complexity of grub2? And why do all configuration files > suddenly > > *desperately* ne

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Always Learning
On Fri, 2014-03-21 at 08:33 -0400, James B. Byrne wrote: > On Thu, March 20, 2014 17:34, Always Learning wrote: > > > > Nothing remains static. Software evolves into usually superior products. > > Sentimentally longing for the past hampers the introduction of new and > > better replacements. > >

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Fernando Cassia
On Fri, Mar 21, 2014 at 9:44 AM, Les Mikesell wrote: > Yes, but that reason is generally that someone changed the language > syntax underneath it instead of settling on simple working APIs. > What has actually stayed stable and backwards compatible over the > years other than bourne shell syntax

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Les Mikesell
On Fri, Mar 21, 2014 at 1:54 PM, James A. Peltier wrote: >> > The case is being made to remove a tool that is considered to be legacy. > While it is understood that legacy = old/unmaintained/crap, No, legacy = the foundation everything else builds on. Change it at the risk of forcing everyone

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Max Pyziur
On Fri, 21 Mar 2014, Fernando Cassia wrote: > On Fri, Mar 21, 2014 at 3:54 PM, James A. Peltier wrote: > >> >> I'd love to hear about the "old and unmaintainable code". It's open >> source code. If something's broken you can fix it right!?! That's the open >> source mantra! Either provide a set

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Fernando Cassia
On Fri, Mar 21, 2014 at 3:54 PM, James A. Peltier wrote: > > I'd love to hear about the "old and unmaintainable code". It's open > source code. If something's broken you can fix it right!?! That's the open > source mantra! Either provide a set of reasons why it should be removed > and the alter

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread James A. Peltier
- Original Message - | Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, | would | you care strongly if it went away (or would you just migrate to | something | else)? | Yes, we do use TCP Wrappers. We also use IPTables, edge gateway firewalls, VPNs and other tools. T

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Les Mikesell
On Fri, Mar 21, 2014 at 7:33 AM, James B. Byrne wrote: > >> >> Nothing remains static. Software evolves into usually superior products. >> Sentimentally longing for the past hampers the introduction of new and >> better replacements. > > Yes. For example look how MicroSoft has improved Windows sin

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Bill Campbell
On Thu, Mar 20, 2014, Keith Keller wrote: >On 2014-03-21, Fernando Cassia wrote: >> >> Interesting double negative. Implies that once the "technical barriers" are >> removed, then it's OK to remove old features for change's sake. ;) > >If, as Matthew says, the codebase hasn't been maintained since

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Bill Campbell
On Fri, Mar 21, 2014, m.r...@5-cent.us wrote: >Larry Martell wrote: >> On Fri, Mar 21, 2014 at 8:33 AM, James B. Byrne >> wrote: ... >>> Yes. For example look how MicroSoft has improved Windows since >>> XPsp3.;-^) >> >> I wouldn't know. I don't use it. I've been programming professionally >> sinc

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Bruce Ferrell
On 03/20/2014 12:48 PM, Matthew Miller wrote: > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would > you care strongly if it went away (or would you just migrate to something > else)? > > I bring this up because we are discussing dropping it from Fedora. This > would be far e

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Gilbert Sebenste
On Fri, 21 Mar 2014, Leon Fauster wrote: > it's just used in a multiple layer protection / security model. Bingo! Same here. And it works well! > well I would say it's more scary when humans are editing configuration files > :-) I can speak for nearly 20 years of experience on this, including bl

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Les Mikesell
On Fri, Mar 21, 2014 at 8:58 AM, Fernando Cassia wrote: > >> The technical problem is that there's no maintainer. Are you >> volunteering (and capable)? >> > > Then, for crying out loud... :) this discussion should have been started > with a different subject line: > "Looking for a new tcp wrappe

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Leon Fauster
On 20.03.2014 at 22:22, Matthew Miller wrote: > On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote: >> Please don't remove it. Why this sudden idea in software circles that >> stuff that works properly needs to be removed for no reason whatsoever >> other than "it's old and we think

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Fernando Cassia
On Thu, Mar 20, 2014 at 11:13 PM, Keith Keller < kkel...@wombat.san-francisco.ca.us> wrote: > The technical problem is that there's no maintainer. Are you > volunteering (and capable)? > Then, for crying out loud... :) this discussion should have been started with a different subject line: "Look

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Matthew Miller
On Fri, Mar 21, 2014 at 09:29:01AM -0400, John Jasen wrote: > https://benchmarks.cisecurity.org/tools2/linux/CIS_RHEL5_Benchmark_v1.1.pdf > Also note, agencies or groups required to implement CIS or better who > maintain a mixed environment may also use tcp_wrappers on all their > platforms, as fro

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread John Jasen
On 03/20/2014 06:23 PM, Les Mikesell wrote: > Not sure there's a one-to-one mapping or even a conceptual overlap in > what tcpwrappers and iptables do. Applications can be configured to > use different ports than someone setting up iptables might expect - > and how would you handle portmapper? >

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread John Jasen
On 03/20/2014 04:13 PM, Matthew Miller wrote: > On Thu, Mar 20, 2014 at 04:00:49PM -0400, John Jasen wrote: >> Various government entities may use it extensively. I don't recall if >> tcp_wrappers is in the USGCB baselines for RHEL, but I do believe it's in >> several CIS benchmarks. > > Good quest

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread m . roth
Larry Martell wrote: > On Fri, Mar 21, 2014 at 8:33 AM, James B. Byrne > wrote: >> >> On Thu, March 20, 2014 17:34, Always Learning wrote: >>> >>> Nothing remains static. Software evolves into usually superior >>> products. Sentimentally longing for the past hampers the introduction of new and >>>

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Les Mikesell
On Fri, Mar 21, 2014 at 7:37 AM, James B. Byrne wrote: > > On Thu, March 20, 2014 18:52, Les Mikesell wrote: > >> xml isn't intended for humans - it is supposed to be parsed and >> verified by machines. The bigger question is why the machines aren't >> managing the config files themselves yet? >>

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Larry Martell
On Fri, Mar 21, 2014 at 8:33 AM, James B. Byrne wrote: > > On Thu, March 20, 2014 17:34, Always Learning wrote: >> >> >> Nothing remains static. Software evolves into usually superior products. >> Sentimentally longing for the past hampers the introduction of new and >> better replacements. > > Ye

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread John R. Dennison
On Fri, Mar 21, 2014 at 08:33:19AM -0400, James B. Byrne wrote: > > On Thu, March 20, 2014 17:34, Always Learning wrote: > > > > > > Nothing remains static. Software evolves into usually superior products. > > Sentimentally longing for the past hampers the introduction of new and > > better replac

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread James B. Byrne
On Thu, March 20, 2014 18:52, Les Mikesell wrote: > xml isn't intended for humans - it is supposed to be parsed and > verified by machines. The bigger question is why the machines aren't > managing the config files themselves yet? > Possibly because the machines are running programs written by h

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread James B. Byrne
On Thu, March 20, 2014 17:34, Always Learning wrote: > > > Nothing remains static. Software evolves into usually superior products. > Sentimentally longing for the past hampers the introduction of new and > better replacements. Yes. For example look how MicroSoft has improved Windows since XPsp3.

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Phelps, Matt
On Thu, Mar 20, 2014 at 3:48 PM, Matthew Miller wrote: > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would > you care strongly if it went away (or would you just migrate to something > else)? > > I bring this up because we are discussing dropping it from Fedora. This > wou

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-21 Thread Sorin Srbu
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of Matthew Miller > Sent: den 20 mars 2014 20:49 > To: centos@centos.org > Subject: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) > anymore?

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread zGreenfelder
> > What do you think? Do you rely on hosts.allow/hosts.deny a primary security > mechanism? As defense-in-depth? Do you have policies which mandate it? > > Your feedback appreciated. Thanks! > > > * and the standard caveats that Fedora doesn't necessarily determine the > path for RHEL apply, of co

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Keith Keller
On 2014-03-21, Fernando Cassia wrote: > > Interesting double negative. Implies that once the "technical barriers" are > removed, then it's OK to remove old features for change's sake. ;) If, as Matthew says, the codebase hasn't been maintained since 2001, then we should have concerns about unfoun

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Fernando Cassia
On Thu, Mar 20, 2014 at 8:36 PM, Steven Tardy wrote: > Political reasons shouldn't prevent removing tcp wrappers, but some > technical reasons still exist. Interesting double negative. Implies that once the "technical barriers" are removed, then it's OK to remove old features for change's sake.

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Steven Tardy
> On Mar 20, 2014, at 3:48 PM, Matthew Miller wrote: > > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would > you care strongly if it went away (or would you just migrate to something > else)? > > I bring this up because we are discussing dropping it from Fedora. This > wo

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Matthew Miller
On Thu, Mar 20, 2014 at 05:23:24PM -0500, Les Mikesell wrote: > > Yup - that's what we do here, use fail2ban to manipulate iptables. > Not sure there's a one-to-one mapping or even a conceptual overlap in > what tcpwrappers and iptables do. Applications can be configured to > use different ports

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Les Mikesell
On Thu, Mar 20, 2014 at 4:18 PM, wrote: > And why do all configuration files suddenly > *desperately* need to be xml? > xml isn't intended for humans - it is supposed to be parsed and verified by machines. The bigger question is why the machines aren't managing the config files themselves yet?

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Les Mikesell
On Thu, Mar 20, 2014 at 4:39 PM, wrote: > Matthew Miller wrote: >> On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote: > >>> Fail2ban is one piece of software which interfaces with tcp wrappers. >>> v0.9.0 just out >>> http://www.fail2ban.org/wiki/index.php/Main_Page >> >> Yes, and

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Les Mikesell
On Thu, Mar 20, 2014 at 4:47 PM, wrote: > > > Excerpt: > What happened to the vision in open source? The idea that there ever was a unified vision for open source seems like a utopian rewrite of history. At least outside of the BSD project... Even the commercial side of unix was wildly fragmen

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Bill Campbell
On Thu, Mar 20, 2014, Fernando Cassia wrote: >On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller wrote: > >> Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would >> you care strongly if it went away (or would you just migrate to something >> else)? >> > >Please don't remove it. W

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Matthew Miller
On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote: > Please don't remove it. Why this sudden idea in software circles that > stuff that works properly needs to be removed for no reason whatsoever > other than "it's old and we think nobody uses it". How do you know?. Well, that's why

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread m . roth
John R Pierce wrote: > On 3/20/2014 2:18 PM, m.r...@5-cent.us wrote: >> On the other hand, what justifiable reason was there for the massively >> increased complexity of grub2? And why do all configuration files >> suddenly *desperately* need to be xml? > > don't worry, in another year or 3, they'l

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread m . roth
Matthew Miller wrote: > On Thu, Mar 20, 2014 at 06:14:56PM -0300, Fernando Cassia wrote: >> Fail2ban is one piece of software which interfaces with tcp wrappers. >> v0.9.0 just out >> http://www.fail2ban.org/wiki/index.php/Main_Page > > Yes, and know for sure people use that -- I do, for example.

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Always Learning
On Thu, 2014-03-20 at 17:18 -0400, m.r...@5-cent.us wrote: > On the other hand, what justifiable reason was there for the massively > increased complexity of grub2? And why do all configuration files suddenly > *desperately* need to be xml? Because misguided fools believe XML is wundervol and th

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Always Learning
On Thu, 2014-03-20 at 18:14 -0300, Fernando Cassia wrote: > On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller wrote: > > > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? > Please don't remove it. Why this sudden idea in software circles that > stuff that works properly needs to

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread John R Pierce
On 3/20/2014 2:18 PM, m.r...@5-cent.us wrote: > On the other hand, what justifiable reason was there for the massively > increased complexity of grub2? And why do all configuration files suddenly > *desperately* need to be xml? Don't worry, in another year or 3, they'll all be JSON instead of XML.

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread m . roth
Fernando Cassia wrote: > On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller wrote: > >> Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, >> would you care strongly if it went away (or would you just migrate to >> something else)? > > Please don't remove it. Why this sudden idea in

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Fernando Cassia
On Thu, Mar 20, 2014 at 4:48 PM, Matthew Miller wrote: > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would > you care strongly if it went away (or would you just migrate to something > else)? > Please don't remove it. Why this sudden idea in software circles that stuff t

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Matthew Miller
On Thu, Mar 20, 2014 at 05:02:06PM -0400, m.r...@5-cent.us wrote: > mark "awk, on the other hand, you'll get away from me when you pry > my cold, dead We're definitely keeping awk. :) -- Matthew Miller mat...@mattdm.org

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread m . roth
Matthew Miller wrote: > Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would you care strongly if it went away (or would you just migrate to something else)? > > I bring this up because we are discussing dropping it from Fedora. This would be far enough in the future that it wo

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Matthew Miller
On Thu, Mar 20, 2014 at 04:00:49PM -0400, John Jasen wrote: > Various government entities may use it extensively. I don't recall if > tcp_wrappers is in the USGCB baselines for RHEL, but I do believe it's in > several CIS benchmarks. Good question. I checked with both that and the DoD National Chec

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Matthew Miller
On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote: > > What do you think? Do you rely on hosts.allow/hosts.deny a primary security > > mechanism? As defense-in-depth? Do you have policies which mandate it? > I currently use it in conjunction with denyhosts, but have been > considering mo

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread John Jasen
Various government entities may use it extensively. I don't recall if tcp_wrappers is in the USGCB baselines for RHEL, but I do believe it's in several CIS benchmarks. On 03/20/2014 03:55 PM, Keith Keller wrote: > On 2014-03-20, Matthew Miller wrote: >> What do you think? Do you rely on hosts.al

Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Keith Keller
On 2014-03-20, Matthew Miller wrote: > What do you think? Do you rely on hosts.allow/hosts.deny a primary security > mechanism? As defense-in-depth? Do you have policies which mandate it? I currently use it in conjunction with denyhosts, but have been considering moving to something like sshguard

[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

2014-03-20 Thread Matthew Miller
Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would you care strongly if it went away (or would you just migrate to something else)? I bring this up because we are discussing dropping it from Fedora. This would be far enough in the future that it wouldn't impact RHEL 7, and t