The UNIX and Linux Forums  
UNIX for Advanced & Expert Users Advanced UNIX and Linux questions go here. Expert-to-Expert.
  #1  
Old 08-20-2008
Restrict access to specific users.

Hi All!
I would like to know if there is any specific way by which I can restrict access to specific users (IP addresses).

OS: Red Hat Linux


Thanks!
nua7
  #2  
Old 08-21-2008
Depending on the type of access, you can use "TCP wrappers" or "iptables". Do a search for them to find out about them... some services have built-in facilities for controlling access by IP address; if you tell us which type of access you are trying to restrict we may be able to help further.
  #3  
Old 08-21-2008
broli
Are you referring to denying SSH login?
In Red Hat you have PAM for that.
You can also simply ban the whole IP (on all ports and services) by adding it to /etc/host.deny (might be /etc/hosts.deny).
  #4  
Old 08-21-2008
ynilesh
Instead of predicting things, it's better if you tell us what type of restriction you are looking for.

- nilesh
  #5  
Old 08-21-2008
Hi All,
I am sorry for not giving all the information. But here is my actual need. I would be having an Oracle database on a Red Hat Linux server which would listen on port 1521 (the default port for Oracle).

I need to restrict users to this port. I thought of two solutions for this using iptables.

Solution 1: Set the firewall with iptables rules to allow IP addresses of a particular subnet to access the Oracle port. Using this rule, only machines on the DB server's subnet are able to communicate with it on port 1521.

Code:
# drop traffic to the Oracle port from any source outside the allowed subnet
# (the rule needs a -j target; "! -s" is the negation syntax on current iptables)
iptables -A INPUT -i eth0 -p tcp --dport 1521 ! -s <subnet mask value> -j DROP
Solution 2:
Have a list of all valid IPs in a file and set a rule in iptables to allow access to those IP addresses only.
Code:
# match the listed source IPs on the INPUT chain (FORWARD only sees routed
# traffic, and "-m mac" matches hardware addresses, not IPs), then deny the rest
for ip in $(cat ipaddressfile); do
    iptables -A INPUT -p tcp --dport 1521 -s "$ip" -j ACCEPT
done
iptables -A INPUT -p tcp --dport 1521 -j DROP
Please let me know if I am on the right track or if something else needs to be done. Also kindly let me know which solution would work better from the security point of view.

Thanks!
nua7
  #6  
Old 08-25-2008
It seems to me like the first option would be a lot easier to maintain over time. I can't really comment on the security point of view because it depends on the sensitivity of your data and the security of the network the system is on. There should be security built in to the database access anyway, so hopefully anything you are doing here is going above and beyond the call of duty anyway?
  #7  
Old 08-26-2008
Hi!
Finally it has been decided that specific IP addresses should be allowed to access the database port: Solution 2, which is in my previous post.

Please let me know if you have any suggestions on the Solution 2 I mentioned.
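As an added example (not the poster's code, and not something the replies in this thread provided), here is a generator for the Solution 2 allowlist approach: it validates every entry in the file before it becomes a rule, keeps the accepts in a dedicated chain with a logged default deny, and prints the iptables commands so they can be reviewed before being loaded. The port, the file format (one address or CIDR per line, '#' comments allowed) and the chain name are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables ruleset that accepts TCP/1521 only from the
# addresses (or CIDR blocks) listed in an allowlist file and drops the rest.
# Rules are printed rather than applied, so they can be reviewed first.

ORACLE_PORT=1521   # assumed default Oracle listener port, as in the thread

# valid_cidr ENTRY -> 0 if ENTRY is a well-formed IPv4 address or a.b.c.d/nn
valid_cidr() {
    addr=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/nn" given: host address
    printf '%s' "$addr" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    printf '%s' "$prefix" | grep -Eq '^[0-9]{1,2}$' || return 1
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    for octet in "$@"; do                        # every octet must be 0-255
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules FILE -> prints the iptables commands for the allowlist in FILE.
# Blank lines and '#' comments are ignored; malformed entries are reported on
# stderr and skipped, and the function returns 1 so a caller can refuse to
# load a ruleset built from a corrupted file.
build_rules() {
    bad=0
    echo "iptables -N ORACLE_IN 2>/dev/null || iptables -F ORACLE_IN"
    echo "iptables -D INPUT -p tcp --dport $ORACLE_PORT -j ORACLE_IN 2>/dev/null"
    echo "iptables -A INPUT -p tcp --dport $ORACLE_PORT -j ORACLE_IN"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -z "$entry" ] && continue
        if valid_cidr "$entry"; then
            echo "iptables -A ORACLE_IN -s $entry -j ACCEPT"
        else
            echo "skipping malformed allowlist entry: $line" >&2
            bad=1
        fi
    done < "$1"
    echo "iptables -A ORACLE_IN -j LOG --log-prefix 'ORACLE_DENY: '"   # visible in syslog
    echo "iptables -A ORACLE_IN -j DROP"        # default deny for everything else
    return $bad
}
```

Run as `build_rules /etc/oracle-allow.txt > /tmp/rules.sh && sh /tmp/rules.sh` so that a file with a bad entry never produces a partially loaded ruleset; the LOG rule gives you a syslog trail of rejected connection attempts to review.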