I know that hosts.allow and host.deny only affect things that are tcpwrappered, but what does this mean in practice? It seems that most people use hosts.allow to handle ssh and nfs blocking, but what other services are typically handled there? And what services AREN'T typically handled there?
Edit: ok, I realize I did a terrible job of explaining what I was after. No, I'm not interested in knowing if a particular service can be handled by hosts.allow, I want to know if a service will be handled. For example, if I do an lsof -i, I get a nice list of things that are listening for connections to my box. I want to know which ones will be affected if I go stick an entry into hosts.allow (well, I really want to know which ones won't be affected).
While mailq is right that there are too many to name, maybe you'd appreciate knowing how to determine if your service supports it.
The following command will tell you if the daemon for your service was complied with tcpwrappers:
For more information, see http://www.cyberciti.biz/faq/tcp-wrappers-hosts-allow-deny-tutorial/ .
How to determine if the services you are running will be affected.
The output of
lsof -iincludes the pid number. As root in linux, you can get the path to the service's command in the /proc filesystem and runldd:If the daemon is linked with libwrap.so, then you can look in its man page to find how it works with hosts.allow/hosts.deny.
Usually inetd or xinetd originated services are affected and those that are running as daemons are not affected. However some daemons choose to check up hosts.allow and this should be checked on daemon basis.