Embedded Files
TCP Wrapper (tcpd) package is installed by default into Debian OS and often left unused. This section guides you on hardening Debian by using the TCP Wrapper.
Identified Threats
Identified Threats
These are the identified threats related to Debian Software.
(T-42) TCPWrapper is Not Configured By Default
(T-42) TCPWrapper is Not Configured By Default
By default, TCP Wrapper is left untouched as this is user-specific usage.
Actions Required
Actions Required
Here are the list if actions to counter the issues.
Setup Whitelisting Policy
Setup Whitelisting Policy
The first thing to do is to setup whitelisting policy in which all services from any client are denied unless it is explicitly allowed. This is done by:
Set ALL: ALL into /etc/hosts.deny file.
Permits Core Services
Permits Core Services
After setting whitelisting policy, it is time to whitelist some common core services. You can whitelist them by adding the service from clients address into /etc/hosts.allow file. Here are some examples for core services like SSHD:
ALL: localhostsshd : ALLThat's all for hardening Debian by implementing tcpwrapper policy.
Page updated
Google Sites
Report abuse