Enhancement #2785
Drop TCP wrappers hosts.allow hosts.deny templates
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-base | | |
| Target version: | v6.5 | | |
| Resolution: | | NEEDINFO: | No |
Description
Some legacy templates still configure tcpwrappers, namely
- ntpd
- sshd
- slapd
The same functionality is offered by the "modern" kernel firewall. To ease maintainability, we could remove the following templates, and replace them with empty (?) files:
- /etc/hosts.allow
- /etc/hosts.deny
- /etc/localnetworks
Related issues
Associated revisions
Remove hosts.{allow,deny}. Refs #2785
createlinks: remove hosts.{allow,deny}. Refs #2785
createlinks: remove hosts.{allow,deny}. Refs #2785
Remove hosts.{allow,deny}. Refs #2785
Remove hosts.allow, hosts.deny and localnetworks files. Refs #2785
Merge remote-tracking branch 'origin'. Refs #2785
Merge branch 'b2785'. Refs #2785
Merge branch 'b2785'. Refs #2785
Merge branch 'b2785'. Refs #2785
History
#1
    Updated by Davide Principi about 7 years ago
    - Target version set to ~FUTURE
#2
    Updated by Davide Principi about 7 years ago
    - Related to Feature #1087: /etc/localnetworks Local networks file added
#3
    Updated by Filippo Carletti almost 7 years ago
    - Target version changed from ~FUTURE to v6.6-beta1
#4
    Updated by Davide Principi almost 7 years ago
    - Related to Bug #2847: Remote access: web interface error when changing the SSH port added
#5
    Updated by Davide Principi almost 7 years ago
    - Related to Bug #2928: slapd Upstart status is out of control if BDB is corrupted added
#6
    Updated by Davide Principi almost 7 years ago
    - Subject changed from Drop tcpwrappers host.allow host.deny templates to Drop TCP wrappers hosts.allow hosts.deny templates
#7
    Updated by Giacomo Sanchietti almost 7 years ago
    - Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#8
    Updated by Giacomo Sanchietti almost 7 years ago
    - Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#9
    Updated by Giacomo Sanchietti almost 7 years ago
    - Status changed from ON_DEV to MODIFIED
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 30 to 60
- nethserver-base
- nethserver-openssh
- nethserver-ntp
- nethserver-directory
#10
    Updated by Giacomo Sanchietti over 6 years ago
    - Status changed from MODIFIED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 60 to 30
Also remove expanded templates if already in place.
#11
    Updated by Giacomo Sanchietti over 6 years ago
    - Target version changed from v6.6-beta1 to v6.5
#12
    Updated by Giacomo Sanchietti over 6 years ago
    - Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#13
    Updated by Giacomo Sanchietti over 6 years ago
    - Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
Everything merged to master branch.
Packages in nethserver-testing:
- nethserver-directory-2.0.4-1.3gitb492bf4.ns6.noarch.rpm
- nethserver-openssh-1.0.6-6.0git01a8f7cc.ns6.noarch.rpm
- nethserver-ntp-1.0.6-2.0gitf366ad8b.ns6.noarch.rpm
- nethserver-base-2.5.3-16.0gita4660656.ns6.noarch.rpm
- Check ldap, openssh and ntp are correctly running
- Check that the following files don't exist: /etc/hosts.allow /etc/hosts.deny /etc/localnetworks
#14
    Updated by Stefano Fancello over 6 years ago
    - Assignee set to Stefano Fancello
#15
    Updated by Stefano Fancello over 6 years ago
    - Assignee changed from Stefano Fancello to Davide Principi
- NEEDINFO changed from No to Yes
Both test cases VERIFIED, but the setup-2.8.14-20.el6_4.1.noarch package appears broken after that:

    # rpm -V setup
    missing c /etc/hosts.allow
    missing c /etc/hosts.deny

Is it correct?
#16
    Updated by Davide Principi over 6 years ago
    - NEEDINFO changed from Yes to No
Stefano Fancello wrote:
> Is it correct?

I noticed, it is documented in hosts.allow manpage:
> A non-existing access control file is treated as if it were an empty file.

I think it's ok to leave it as is: the setup package can restore the distro defaults on next update.
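
Added example, not part of the issue or of the NethServer code: a pre-removal check that lists the active TCP wrappers rules, so each one can be matched to a firewall rule before the files are dropped. It treats a missing file as empty, as the manpage quoted above does; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list active TCP wrappers rules before the files are removed.

# Print every active rule in ROOT/etc/hosts.allow and ROOT/etc/hosts.deny.
# Blank lines and '#' comments are skipped, lines ending in a backslash are
# joined with the next one, and a missing file counts as empty.
tcpw_active_rules() {
    root="${1:-}"
    for f in hosts.allow hosts.deny; do
        [ -f "$root/etc/$f" ] || continue
        awk -v f="$f" '
            function emit(l) {
                sub(/^[ \t]+/, "", l)
                if (l != "" && l !~ /^#/) print f ": " l
            }
            /\\$/ { buf = buf substr($0, 1, length($0) - 1); next }
            { emit(buf $0); buf = "" }
            END { emit(buf) }
        ' "$root/etc/$f"
    done
}

# Exit status 0 when no rule would be lost by removing the files, 1 otherwise.
tcpw_safe_to_drop() {
    [ -z "$(tcpw_active_rules "$1")" ]
}

# Constructed sample input (not taken from a real system).
make_sample() {
    mkdir -p "$1/etc"
    printf '%s\n' '# constructed sample' 'sshd: 192.0.2.0/255.255.255.0, \' \
        '198.51.100.7' '' 'ntpd: LOCAL' > "$1/etc/hosts.allow"
    printf '%s\n' '# constructed sample' 'ALL: ALL' > "$1/etc/hosts.deny"
}

tmp=$(mktemp -d)
make_sample "$tmp"
tcpw_active_rules "$tmp"
tcpw_safe_to_drop "$tmp" || echo "rules above need a firewall equivalent"
rm -rf "$tmp"
```

Called with no argument, `tcpw_active_rules` reads the live `/etc/hosts.allow` and `/etc/hosts.deny`.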
#17
    Updated by Giacomo Sanchietti over 6 years ago
    - Status changed from ON_QA to VERIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 70 to 90
> I think it's ok to leave it as is: the setup package can restore the distro defaults on next update.

I agree, we can move on with the release.
#18
    Updated by Giacomo Sanchietti over 6 years ago
    - Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-ntp-1.0.7-1.ns6.noarch.rpm
- nethserver-openssh-1.0.8-1.ns6.noarch.rpm
- nethserver-directory-2.0.5-1.ns6.noarch.rpm
- nethserver-base-2.5.4-1.ns6.noarch.rpm
#19
    Updated by Davide Principi over 5 years ago
    - Related to Bug #3332: Warning message "grep: /etc/hosts.allow: No such file or directory" added