Harden TCP Wrapper

TCP Wrapper (tcpd) package is installed by default into Debian OS and often left unused. This section guides you on hardening Debian by using the TCP Wrapper.

Identified Threats

(T-42) TCPWrapper is Not Configured By Default

Actions Required

Setup Whitelisting Policy

Permits Core Services

Identified Threats

These are the identified threats related to Debian Software.

(T-42) TCPWrapper is Not Configured By Default

By default, TCP Wrapper is left untouched as this is user-specific usage.

Actions Required

Here are the list if actions to counter the issues.

Setup Whitelisting Policy

The first thing to do is to setup whitelisting policy in which all services from any client are denied unless it is explicitly allowed. This is done by:

Set ALL: ALL into /etc/hosts.deny file.

Permits Core Services

After setting whitelisting policy, it is time to whitelist some common core services. You can whitelist them by adding the service from clients address into /etc/hosts.allow file. Here are some examples for core services like SSHD:

ALL: localhost

sshd : ALL

That's all for hardening Debian by implementing tcpwrapper policy.

Back to Debian Security Hardening