1829749 Members
1455 Online
109992 Solutions
New Discussion

INETD v TCP Wrappers

 
David Rodman
Frequent Advisor

INETD v TCP Wrappers

Given the capability of inetd.sec and the -l start option,
is there any advantage to using tcp wrappers as well?

The only thing I could see was an ability to focus the logging on a subset of the services.
2 REPLIES 2
Brian Hackley
Honored Contributor

Re: INETD v TCP Wrappers

David,
Its always been a "toss-up" between inetd.sec and TCP wrappers for implementing rudimentory host security. Lookng into http://www.stanford.edu/group/itss-ccs/security/Bestuse/tcpwrappers.html ,The only pitfall that I see with TCP wrappers is that you've just introduced more delay (another fork/exec) into the process startup. The benefit is that you can focus your syslog logging via syslog.conf. I hope thise helps you out,
Brian Hackley
Ask me about telecommuting!
Shannon Petry
Honored Contributor

Re: INETD v TCP Wrappers

I am not so sure that it a toss-up. TCP Wrappers is much more than inetd.sec. While both perform the same basic service, tcp-wrappers is much more configurable, and much more flexible.

It really falls to your needs, how much time you have to configure and debug configs, and how paranoid about security you are .(paranoid is not bad).

If your paranoid, and have time, tcp-wrappers is the way to go. If your short on time, then inetd.sec should suffice.

Maybe I'm just lucky, but I have never had a HP, AIX or Sun box broken into. Linux is another story.....


Regards,
Shannon
Microsoft. When do you want a virus today?