4

We've recently gone through a security audit and among several valid and other, quite pointless findings is one that states that tcpwrappers is not disabled. I've never used tcpwrappers so I don't have a great deal of experience in how it is configured.

Having said that, I've always been under the impression that it isn't simply disabled or enabled like a daemon. Instead, rules are created which define services that use it and which servers are and are not allowed to access the service.

By default, if nothing is defined then tcpwrappers is, effectively, disabled.

Am I wrong?

theillien
  • 459

1 Answer

2

I'm not 100% sure on what they mean by disabled, but quite a few binaries on an average Linux distro would be linked to libwrap.so (e.g. sshd), which is a lib provided by the tcp_wrappers package.

You're correct in that this won't make any difference unless there is configuration in hosts.allow or hosts.deny files.

Martin
  • 519
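One way to gather evidence for the two points in the answer above, as an added example that is not part of the original question or answer: it counts the active (non-comment, non-blank) rules in the two hosts_access files and checks whether a binary is linked against libwrap. The `/etc/hosts.allow`, `/etc/hosts.deny` and `/usr/sbin/sshd` paths and all function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: is tcp_wrappers actually doing anything on this host?

# Print the active rules of a hosts_access file: backslash-continued lines
# are joined first, then comment lines and blank lines are dropped.
active_rules() {
    [ -r "$1" ] || return 0          # a missing file contributes no rules
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        line !~ /^#/ && line !~ /^[ \t]*$/ { print line }
    ' "$1"
}

# Number of active rules in one file.
rule_count() {
    active_rules "$1" | wc -l | tr -d ' '
}

# Succeeds if either file (allow, deny) carries at least one active rule.
wrappers_configured() {
    [ "$(rule_count "$1")" -gt 0 ] || [ "$(rule_count "$2")" -gt 0 ]
}

# Succeeds if the binary is dynamically linked against libwrap.
links_libwrap() {
    ldd "$1" 2>/dev/null | grep -q 'libwrap\.so'
}

# Report for the assumed default file locations plus any binaries passed in.
report() {
    for f in /etc/hosts.allow /etc/hosts.deny; do
        echo "$f: $(rule_count "$f") active rule(s)"
    done
    for b in "$@"; do
        if links_libwrap "$b"; then
            echo "$b: linked against libwrap"
        else
            echo "$b: not linked against libwrap (or not found)"
        fi
    done
}

report /usr/sbin/sshd   # assumed path; sshd is the example the answer names
```

Zero active rules in both files corresponds to the "effectively disabled" state described in the question, even when a binary reports as linked against libwrap.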