Howto

In part I of this tutorial on the /etc/hosts.allow and hosts.deny files, we covered the basics of allowing and blocking access to services via IP address and host names. In Part II, we’re going to look at how to block entire subnets, as well as how to automate our server to alert us via syslog whenever anyone tries to connect somewhere that is forbidden. Let’s get down to work, shall we?

There are many ways you can go about securing your network. For me, the first thing that comes to mind are packet filters, external firewalls, and complex ACLs at the switch level. Whether you use those or not, the security from the /etc/hosts.allow and /etc/hosts.deny files can help provide an extra layer of security beyond authentication/authorization. In Part I of this article we’re going to look at how to implement them and how they work. In Part II we’ll get into some more complex examples along with a way to set violations against the files to be picked up and logged by syslog.

If you manage several Linux machines from one desktop (And you are 100 percent SURE that that desktop is SECURE!) passwordless SSH logins can save you a LOT of time. They're also useful for automating things like cron jobs or script output where the password request breaks an automated flow. Setting them up is really easy too. Just understand that if you do so, and someone else gains access to your machine, your other machines are open to them with all the rights and permissions of the accounts you've created passwordless ssh logins for. With that said, let's get started!