Chapter 17. TCP Wrappers and xinetd

17.1. TCP Wrappers
17.1.1. Advantages of TCP Wrappers
17.2. TCP Wrappers Configuration Files
17.2.1. Formatting Access Rules
17.2.2. Option Fields
17.3. xinetd
17.4. xinetd Configuration Files
17.4.1. The /etc/xinetd.conf File
17.4.2. The /etc/xinetd.d/ Directory
17.4.3. Altering xinetd Configuration Files
17.5. Additional Resources
17.5.1. Installed Documentation
17.5.2. Useful Websites
17.5.3. Related Books

Controlling access to network services is one of the most important security tasks facing a server administrator. Red Hat Enterprise Linux provides several tools that do just that. For instance, an iptables-based firewall filters out unwelcome network packets within the kernel's network stack. For network services that utilize it, TCP wrappers add an additional layer of protection by defining which hosts are or are not allowed to connect to "wrapped" network services. One such wrapped network service is the xinetd super server. This service is called a super server because it controls connections to a subset of network services and further refines access control.

Figure 17.1, “Access Control to Network Services” is a basic illustration of how these tools work together to protect network services.

Figure 17.1. Access Control to Network Services

This chapter focuses on the role of TCP wrappers and xinetd in controlling access to network services and reviews how these tools can be used to enhance both logging and utilization management. For a discussion of using firewalls with iptables, refer to Chapter 18, iptables.