Most of the time we will protect our servers with firewall rules, but in some situations this might not be applicable (like in a VPS environment where we don’t have access to iptables). TCP wrappers (Wietse Venema’s TCP wrappers library) can be used in such cases to allow or deny access based on the configured rules in /etc/hosts.allow and /etc/hosts.deny. Most of the daemons that we might consider protecting this way will probably have build-in support for TCP Wrappers (ssh, ftp, xintetd, etc.), but how can we be sure? We might be writing the correct lines in hosts.allow/deny but we can’t see any results. In this little post I will show how we can verify if any daemon has been build with TCP Wrappers support. Read the rest of this entry »