Do the following steps as:

1.vi /etc/hosts.deny

vsftpd:ALL EXCEPT .example.com

or

1.vi /etc/hosts.deny

vsftpd:ALL

2.vi /etc/hosts.allow

vsftpd:.example.com

We can secure the services using tcp_wrappers. There are main two files, /etc/hosts.allow and /etc/hosts.deny.

There will be three stage access checking

- Is access explicitly permitted? Means permitted from /etc/hosts.allow?

- Otherwise, Is access explicitly denied? Means denied from /etc/hosts.deny?

- Otherwise, by default permit access if neither condition matched.

To deny the services we can configure /etc/hosts.deny file using ALL and EXCEPT operation. Pattern of /etc/hosts.allow and /etc/hosts.deny file is:

Demon_list:client_list:options

In Client list can be either domain name or IP address.

Note: In Exam Lab there will be two different domain example.com which is known as local domain and another is cracker.org which is called non trusted domain. So only from .example.com means allow only to example.com deny to every one.