Enhancement #2785
Drop TCP wrappers hosts.allow hosts.deny templates
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-base | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
Some legacy templates still configure tcpwrappers, namely
- ntpd
- sshd
- slapd
The same functionality is offered by the "modern" kernel firewall. To ease maintainability, we could remove the following templates, and replace with empty (?) files
/etc/hosts.allow /etc/hosts.deny /etc/localnetworks
Related issues
Associated revisions
Remove hosts.{allow,deny}. Refs #2785
createlinks: remove hosts.{allow,deny}. Refs #2785
createlinks: remove hosts.{allow,deny}. Refs #2785
Remove hosts.{allow,deny}. Refs #2785
Remove hosts.allow, hosts.deny and localnetworks files. Refs #2785
Merge remote-tracking branch 'origin'. Refs #2785
Merge branch 'b2785'. Refs #2785
Merge branch 'b2785'. Refs #2785
Merge branch 'b2785'. Refs #2785
History
#1 Updated by Davide Principi about 7 years ago
- Target version set to ~FUTURE
#2 Updated by Davide Principi about 7 years ago
- Related to Feature #1087: /etc/localnetworks Local networks file added
#3 Updated by Filippo Carletti almost 7 years ago
- Target version changed from ~FUTURE to v6.6-beta1
#4 Updated by Davide Principi almost 7 years ago
- Related to Bug #2847: Remote access: web interface error when changing the SSH port added
#5 Updated by Davide Principi almost 7 years ago
- Related to Bug #2928: slapd Upstart status is out of control if BDB is corrupted added
#6 Updated by Davide Principi almost 7 years ago
- Subject changed from Drop tcpwrappers host.allow host.deny templates to Drop TCP wrappers hosts.allow hosts.deny templates
#7 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#8 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#9 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 30 to 60
- nethserver-base
- nethserver-openssh
- nethserver-ntp
- nethserver-directory
#10 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 60 to 30
Also remove expanded templates if already in place.
#11 Updated by Giacomo Sanchietti over 6 years ago
- Target version changed from v6.6-beta1 to v6.5
#12 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#13 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
Everything merged to master branch.
Packages in nethserver-testing:- nethserver-directory-2.0.4-1.3gitb492bf4.ns6.noarch.rpm
- nethserver-openssh-1.0.6-6.0git01a8f7cc.ns6.noarch.rpm
- nethserver-ntp-1.0.6-2.0gitf366ad8b.ns6.noarch.rpm
- nethserver-base-2.5.3-16.0gita4660656.ns6.noarch.rpm
- Check ldap, openssh and ntp are correctly running
- Check following files don't exists:
/etc/hosts.allow /etc/hosts.deny /etc/localnetworks
#14 Updated by Stefano Fancello over 6 years ago
- Assignee set to Stefano Fancello
#15 Updated by Stefano Fancello over 6 years ago
- Assignee changed from Stefano Fancello to Davide Principi
- NEEDINFO changed from No to Yes
Both test cases VERIFIED, but setup-2.8.14-20.el6_4.1.noarch package result broken after that:
# rpm -V setup missing c /etc/hosts.allow missing c /etc/hosts.deny
Is it correct?
#16 Updated by Davide Principi over 6 years ago
- NEEDINFO changed from Yes to No
Stefano Fancello wrote:
Is it correct?
I noticed, it is documented in hosts.allow
manpage:
A non-existing access control file is treated as if it were an empty file.
I think it's ok to leave it as is: the setup
package can restore the distro defaults on next update.
#17 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 90
I think it's ok to leave it as is: the
setup
package can restore the distro defaults on next update.
I agree, we can move on with the release.
#18 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-ntp-1.0.7-1.ns6.noarch.rpm
- nethserver-openssh-1.0.8-1.ns6.noarch.rpm
- nethserver-directory-2.0.5-1.ns6.noarch.rpm
- nethserver-base-2.5.4-1.ns6.noarch.rpm
#19 Updated by Davide Principi over 5 years ago
- Related to Bug #3332: Warning message "grep: /etc/hosts.allow: No such file or directory" added