TCP Wrappers

Time
21 hours 25 minutes
Difficulty
Intermediate
Video Transcription
00:00
>> Hey, cybrarians. Welcome back to
00:00
the Linux Plus Course here at Cybrary.
00:00
I'm your instructor Robby Gill and in today's lesson,
00:00
we're going to be covering TCP Wrappers.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to understand
00:00
the purpose of TCP Wrappers and then
00:00
locate the files that are used to control
00:00
access when we're using TCP Wrappers.
00:00
TCP Wrappers were used to
00:00
control access to network-enabled services.
00:00
This is a legacy control process,
00:00
and it was used to control things such as SSH or NFS.
00:00
Now, this functionality has been
00:00
largely replaced by firewalls,
00:00
but there are services that still
00:00
support using TCP Wrappers.
00:00
The way we can find them is they will have
00:00
the libwrap library compiled
00:00
with them. How do we find that?
00:00
Well, we can use our
00:00
friendly ldd command to list
00:00
the libraries that are used by each service.
00:00
Recall back to module 7 where we covered LDD.
00:00
In order to do this, it's a four-step process
00:00
or a three-step process.
00:00
The first thing we're going to want to do is
00:00
find the full path to the daemon.
00:00
We can do that with the which command,
00:00
we can do which sshd,
00:00
and it tells us the full path to that is
00:00
/usr/sbin/sshd.
00:00
Then we can use LDD to list all
00:00
of the shared libraries.
00:00
You run ldd /usr/sbin/sshd.
00:00
Then from there, we can just grep for libwrap.
00:00
Now, if we see libwrap,
00:00
that means that this service still
00:00
supports using TCP Wrappers.
00:00
For example, when we do that for SSHD,
00:00
we do see that it comes back and returns the result.
00:00
But there are newer services
00:00
out there that don't support this at all.
00:00
If we did the same thing for OpenVPN,
00:00
which openvpn, we find out it's /usr/sbin/openvpn.
00:00
We do ldd /usr/sbin/openvpn,
00:00
we grep for libwrap, we get nothing back.
00:00
That tells us that OpenVPN has no use
00:00
for TCP Wrappers and to work with that,
00:00
we would probably need to configure a
00:00
firewall to secure it.
00:00
When we are working with TCP Wrappers,
00:00
there are two files that we use to control
00:00
access to this service, and this is controlled via IP address.
00:00
There's the /etc/host.allow file,
00:00
and that allows access to IPs that are on the list, and
00:00
the /etc/host.deny file blocks
00:00
access to IPs that are on the list.
00:00
There's generally an order of
00:00
operations that we have to
00:00
follow when we're using these files,
00:00
and it's very specific and it may be on the exam,
00:00
so definitely go over this a few times if
00:00
it is not making sense.
00:00
The first step is we look at the host.allow
00:00
file and it's checked for the IP address of the requester.
00:00
If the IP address is found, great,
00:00
we get access to that service,
00:00
nothing further is required.
00:00
But if the IP address is not found,
00:00
then we go into the host.deny file
00:00
and we check to see if this IP is denied.
00:00
Now, if the IP address is found,
00:00
access is denied for that system,
00:00
the requester can't get in, all good.
00:00
But if the IP is not found in either file,
00:00
the access is granted by default.
00:00
Access can be allowed if
00:00
the IP is not found in either file.
00:00
Therefore, a lot of times when
00:00
people are using these things,
00:00
they will add, /etc/hosts.deny.
00:00
They'll add a line to the very end of it.
00:00
This has ALL: ALL.
00:00
This is really only necessary when we're using
00:00
host.allow to make sure that
00:00
somebody can't drop through and get
00:00
access because they're not included in either file.
00:00
But with that we've reached the end of this lesson.
00:00
In this lesson we covered the purpose of
00:00
TCP wrappers and then we learned about
00:00
controlling access to network services
00:00
that allow us to use TCP wrappers.
00:00
We do that using host.allow and host.deny files.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.