12.07.2015 Views

Chapter 13

Once a match is found, tcpd will not look for more rules in the file. So if you want to add a limiting rule to the ftp section, it should be added before the explicit allow rule at the end of the section.

Now, to add a rule to limit FTP access to the 192.168.50.0/27 subnet, the following line should be added:

    ftpd : 192.168.50.0/27 : allow

You may want to comment out the other lines that permit access to ftpd.

Looking at the hosts.allow file, you will find a few other examples for other services such as sendmail, fingerd, ypserv (NIS), etc. You may want to add your own service restrictions to the file, based on the inetd.conf definition.

You should also note that there are some lines starting with the ALL keyword that are applied to any service. For example, the default hosts.allow file contains the following default line at the beginning of the file:

    ALL : ALL : allow

This will permit connections from any source to any service. Once you add a customized rule to the file, you should comment out this line. Leaving this line uncommented at the top of the file makes your further rules ineffective, as tcpd matches this rule at the beginning of the file and does not process further rules.

SSH

The SSH service is used to manage your host securely over the network. However, SSH is more than just a secure shell protocol. It can be used to transfer files securely or to tunnel (and encrypt) network traffic between two hosts using tunneling techniques.

FreeBSD 7 uses SSH tools and libraries that are based on OpenSSH 4.5. Most FreeBSD hosts are running the sshd(8) daemon. The daemon accepts incoming connections on TCP port 22, authenticates the user against the system's user database (the default behavior), and lets the user in if authentication succeeds (and the user has a valid shell and home directory).

If the sshd daemon is not enabled on the host, it can be enabled by adding the following line to the /etc/rc.conf file:

    sshd_enable="YES"

The daemon can also be started manually by invoking the following command:

    # /etc/rc.d/sshd start
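
The first-match behaviour of tcpd described above for hosts.allow can be checked before a rule set goes live. The following Python sketch is an added example, not code from the book or from tcpd: it models only three-field rules whose client field is ALL or an IPv4 network, and the sample file, including its closing deny rule, is constructed for illustration.

```python
import ipaddress

# Constructed sample: the default catch-all left above the custom ftpd rules.
SAMPLE = """\
# hosts.allow (constructed sample)
ALL : ALL : allow
ftpd : 192.168.50.0/27 : allow
ftpd : ALL : deny
"""

def parse_rules(text):
    """Return (lineno, daemons, clients, action) for each three-field rule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3:
            continue  # blank, comment, or outside this simplified model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((lineno, daemons, clients, fields[2].lower()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    try:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False  # hostnames and other patterns are not modelled

def first_match(rules, daemon, addr):
    """Mimic tcpd: stop at the first rule matching both daemon and client."""
    for lineno, daemons, clients, action in rules:
        if daemon in daemons or "ALL" in daemons:
            if any(client_matches(c, addr) for c in clients):
                return lineno, action
    return None, None  # no rule in this file matched

def shadowed_lines(rules):
    """Line numbers of rules placed after an ALL : ALL rule (never reached)."""
    for i, (_, daemons, clients, _) in enumerate(rules):
        if "ALL" in daemons and "ALL" in clients:
            return [r[0] for r in rules[i + 1:]]
    return []

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("ftpd from 10.0.0.5 ->", first_match(rules, "ftpd", "10.0.0.5"))
    print("rules never reached:", shadowed_lines(rules))
```

Run against the sample, it reports that an FTP connection from outside the subnet is allowed by the catch-all on line 2 and that lines 3 and 4 are never reached; commenting out the catch-all makes the ftpd rules take effect.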
