LinuxQuestions.org / Linux - Security
Thread: How to 'include file' in hosts.allow or hosts.deny? (https://www.linuxquestions.org/questions/linux-security-4/how-to-include-file-in-hosts-allow-or-hosts-deny-4175560694/)

arfon 12-04-2015 11:09 PM

How to 'include file' in hosts.allow or hosts.deny?
 
Anyone know how you can have Linux (specifically RH) read two hosts.allow (or hosts.deny) files?

My situation is that I have a room full of machines and ALL have a base set of IPs that need to be allowed and then depending on the machine, a custom set of IPs.

I'd like to have one hosts.allow file for all of the base IPs that I can maintain on the machines with puppet and a custom allow file that I can maintain manually.

What should I be Altavista-ing (since "hosts.allow include file" is giving me worthless results)?


SOLUTION: It's not possible.

berndbausch 12-05-2015 12:13 AM

There is a man page for hosts.allow. There is also an extension named hosts_options. Sadly, neither mentions anything about including files, so it seems you need to implement this differently.

unSpawn 12-05-2015 03:15 AM

As berndbausch said, you can't. Also note that using tcp_wrappers is neither the best-performing nor the safest way anymore; for example OpenSSH 6.7, released October 2014, already removed support for tcpwrappers/libwrap. Staying with deprecated features is easy if your distribution vendor applies a patch like this. Transitioning is easy too: just turn your allow list into its own ipset.
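
The "turn your allow list into its own ipset" step, as an added example that is not part of the thread or of tcp_wrappers/ipset themselves: it converts the IPv4 patterns a hosts.allow list typically holds (trailing-dot prefixes such as 10., net/mask pairs, single addresses) into the text that `ipset restore` consumes, and prints the matching iptables rules. The set name sshd_allow, port 22 and the sample list are constructed for the example. Hostname patterns are refused rather than dropped, because an ipset of type hash:net holds addresses only.

```python
"""Added example (not from the thread): turn a tcp_wrappers-style allow list into ipset input."""
import ipaddress


def pattern_to_network(pattern):
    """Translate one hosts.allow-style IPv4 client pattern into an ipaddress network.

    Handled: a trailing-dot prefix such as '10.' or '10.10.' (leading octets fixed),
    'n.n.n.n/m.m.m.m' net/mask, CIDR, and a single address (becomes a /32).
    Hostname patterns ('.example.com', 'ALL', netgroups) have no ipset equivalent
    until resolved to addresses, so they are rejected instead of silently dropped.
    """
    if not pattern[:1].isdigit():
        raise ValueError(f"{pattern!r} is not an address pattern; ipset hash:net holds addresses")
    if pattern.endswith("."):
        fixed = pattern.rstrip(".").split(".")
        if not 1 <= len(fixed) <= 3:
            raise ValueError(f"bad prefix pattern {pattern!r}")
        address = ".".join(fixed + ["0"] * (4 - len(fixed)))
        return ipaddress.ip_network(f"{address}/{8 * len(fixed)}")
    # ipaddress accepts both dotted netmasks and prefix lengths; strict=False masks off host bits
    return ipaddress.ip_network(pattern, strict=False)


def ipset_restore(name, patterns):
    """Build the text consumed by `ipset restore`: create the set, then one add per distinct network."""
    lines = [f"create {name} hash:net family inet"]
    seen = set()
    for pattern in patterns:
        net = pattern_to_network(pattern)
        if net not in seen:
            seen.add(net)
            lines.append(f"add {name} {net.with_prefixlen}")
    return "\n".join(lines) + "\n"


def iptables_rules(name, port):
    """The matching firewall side: accept sources in the set for the service port, drop the rest."""
    return [
        f"iptables -A INPUT -p tcp --dport {port} -m set --match-set {name} src -j ACCEPT",
        f"iptables -A INPUT -p tcp --dport {port} -j DROP",
    ]


# Constructed sample list in the pattern forms the thread discusses (set name and port are assumptions).
SAMPLE_ALLOW = ["10.", "10.", "10.10.", "172.16.0.0/255.255.0.0", "192.168.1.5"]

if __name__ == "__main__":
    print(ipset_restore("sshd_allow", SAMPLE_ALLOW), end="")
    print("\n".join(iptables_rules("sshd_allow", 22)))
```

Load the generated file with `ipset -exist restore < sshd_allow.ipset`; the `-exist` option makes a rerun after puppet rewrites the list idempotent, and the set can then be refreshed without touching the iptables rule that references it.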

Habitual 12-05-2015 10:00 AM

Wildcards no good to you?
< 6.6 allows for them.
Code:

10.
10.x
10.x.x

are all valid

arfon 12-05-2015 02:39 PM

Yeah, I was afraid of that. Thanks.

Doug G 12-05-2015 10:29 PM

dnsmasq can solve this. I have 4 or 5 different hosts files, and dnsmasq is configured to include all in a specified directory. The downside is that dnsmasq is an additional service you have to run on your machine, and you may need to tweak /etc/resolv.conf

unSpawn 12-06-2015 05:09 AM

Quote:

Originally Posted by Doug G (Post 5460417)
dnsmasq can solve this.

The OP is talking about /etc/hosts.{allow,deny} (as in tcp_wrappers), not /etc/hosts (part of NSS aka Name Service Switch)?

Doug G 12-06-2015 12:08 PM

Quote:

Originally Posted by unSpawn (Post 5460489)
The OP is talking about /etc/hosts.{allow,deny} (as in tcp_wrappers), not /etc/hosts (part of NSS aka Name Service Switch)?

Oops! Thanks for the clarification.

orev 01-19-2018 09:54 PM

Actually, at least as of RHEL 7, you can include files in hosts.allow/deny.

From the man page, PATTERNS section:

    A string that begins with a `/' character is treated as a file name. A host name or address is
    matched if it matches any host name or address pattern listed in the named file.

So if you make an entry like:
Code:

    sshd: /etc/hosts.allow-sshd

You can then list hosts in the /etc/hosts.allow-sshd file, and it will be included.
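
To show how the '/file' pattern gives the OP exactly the two-file layout asked for (one base list pushed by puppet, one custom list kept by hand) and how it combines with the trailing-dot prefixes mentioned earlier in the thread, here is an added example: a small Python model of the hosts_access(5) decision order. It is not libwrap and not code from the thread; it handles the IPv4 subset only (ALL, trailing-dot prefixes, n.n.n.n/m.m.m.m, single addresses, EXCEPT and '/file'), and the file names and addresses are constructed sample data written to a temporary directory.

```python
"""Added example: a model of tcp_wrappers hosts_access(5) matching with the '/file' pattern (not libwrap)."""
import ipaddress
import os
import tempfile


def _tokens(text):
    # List elements are separated by blanks and/or commas; '#' starts a comment.
    return text.split("#", 1)[0].replace(",", " ").split()


def match_client(pattern, addr):
    """True if the IPv4 address string `addr` matches one client pattern (IPv4 subset only)."""
    if pattern.startswith("/"):
        # hosts_access(5): a pattern beginning with '/' names a file, and the client matches if it
        # matches any pattern in that file. The file is read as bare whitespace-separated patterns,
        # so keep such files free of comments and of the EXCEPT operator.
        with open(pattern) as fh:
            return any(match_client(tok, addr) for tok in fh.read().split())
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        # Trailing dot: the leading numeric fields must match, e.g. "10." covers all of 10.0.0.0/8.
        return addr.startswith(pattern)
    if "/" in pattern:
        # net/mask form "n.n.n.n/m.m.m.m" (ipaddress also accepts a prefix length here)
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr


def match_list(tokens, addr):
    """Evaluate a client list; 'a b EXCEPT c' matches if a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], addr) and not match_list(tokens[i + 1:], addr)
    return any(match_client(p, addr) for p in tokens)


def parse_rules(path):
    """Return (daemon_list, client_list) for each 'daemons : clients [: command]' line."""
    rules = []
    if not os.path.exists(path):
        return rules  # a missing hosts.allow or hosts.deny behaves like an empty one
    with open(path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            fields = line.split(":")
            if len(fields) < 2:
                continue
            rules.append((_tokens(fields[0]), _tokens(fields[1])))
    return rules


def hosts_access(daemon, addr, allow_path, deny_path):
    """tcp_wrappers order: first match in hosts.allow grants, else first match in hosts.deny refuses, else grant."""
    def applies(rule):
        daemons, clients = rule
        return ("ALL" in daemons or daemon in daemons) and match_list(clients, addr)
    if any(applies(r) for r in parse_rules(allow_path)):
        return True
    if any(applies(r) for r in parse_rules(deny_path)):
        return False
    return True


def _write(path, text):
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Build the thread's two-file layout from constructed sample data and return the decisions."""
    d = tempfile.mkdtemp()
    base = os.path.join(d, "hosts.allow-base")      # base list, pushed to every machine by puppet
    custom = os.path.join(d, "hosts.allow-custom")  # per-machine list, maintained by hand
    allow = os.path.join(d, "hosts.allow")
    deny = os.path.join(d, "hosts.deny")
    _write(base, "10.10.\n192.168.1.5\n")                          # bare patterns only, no comments
    _write(custom, "172.16.0.0/255.255.0.0\n")
    _write(allow, f"sshd: {base} {custom} EXCEPT 172.16.99.\n")    # one rule includes both files
    _write(deny, "ALL: ALL\n")                                      # default deny for everything else
    checks = [("sshd", "10.10.3.4"), ("sshd", "192.168.1.5"), ("sshd", "192.168.1.6"),
              ("sshd", "172.16.5.5"), ("sshd", "172.16.99.1"), ("vsftpd", "10.10.3.4")]
    return {c: hosts_access(c[0], c[1], allow, deny) for c in checks}


if __name__ == "__main__":
    for (daemon, addr), ok in demo().items():
        print(f"{daemon:7} {addr:15} {'granted' if ok else 'refused'}")
```

Two practical checks follow from the model: the EXCEPT carve-out has to live on the hosts.allow line, not inside the included file, and a daemon not named in the allow rule (vsftpd above) falls through to hosts.deny even from a base-list address. On a host that still ships tcp_wrappers, `tcpdmatch sshd 10.10.3.4` evaluates the real files and reports which rule matched, which is the way to confirm that the include actually takes effect.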

