TCP Wrapper (tcpd) package is installed by default into Debian OS and often left unused. This section guides you on hardening Debian by using the TCP Wrapper.
These are the identified threats related to Debian Software.
By default, TCP Wrapper is left untouched as this is user-specific usage.
Here are the list if actions to counter the issues.
The first thing to do is to setup whitelisting policy in which all services from any client are denied unless it is explicitly allowed. This is done by:
Set ALL: ALL
into /etc/hosts.deny
file.
After setting whitelisting policy, it is time to whitelist some common core services. You can whitelist them by adding the service from clients address into /etc/hosts.allow
file. Here are some examples for core services like SSHD:
ALL: localhost
sshd : ALL
That's all for hardening Debian by implementing tcpwrapper policy.