Illegal access attempt - FreeBSD 5.4 Release - please advise

freebsd-questions at auscert.org.au freebsd-questions at auscert.org.au
Fri Aug 26 01:40:46 GMT 2005


> On Fri, 26 Aug 2005 00:24:48 +0200
> Maarten Sanders <maarfree at xs4all.nl> wrote:
> 
> > Nice suggestion, but how do I enable tcp_wrappers with sshd?
> 
> from
> http://lists.freebsd.org/pipermail/freebsd-security/2004-September/002351.htm
> l
> 
> in /usr/src/crypto/openssh/config.h
> find the line :
> /* Define if you want TCP Wrappers support */
> enable it, rebuild etc.

This is the default, so no need to rebuild - you just have to tighten up
your /etc/hosts.allow.  Instead of the default:

	ALL : ALL : allow

try (eg if you have a host 192.168.1.1):

	sshd : 192.168.1.1 : allow
	ALL : ALL : deny

joel


More information about the freebsd-questions mailing list