What are Linux hosts files and how do you use them?
the CIQ Team, May 14, 2024

When you use Rocky Linux, you have several handy tricks at your disposal. Even when you've deployed the OS without a GUI, you'll be surprised at just how easy many tasks can be.

There's one particular set of files, often referred to as “hosts files,” that can be used to take care of some important tasks:

  • Map hostnames to IP addresses
  • Allow specific IP addresses to access a machine
  • Prevent specific IP addresses from accessing a machine

To do this, there are three files in question:

  • /etc/hosts
  • /etc/hosts.allow
  • /etc/hosts.deny

Each of these files is plain text, not binary, so it can be read and edited with any text editor. They are also static: nothing rewrites them on its own, so the only way to change them is to edit them, by hand or with a configuration management tool.

All three live in /etc alongside many other important configuration files. They are owned by root and world-readable, so anyone can read them, but you need sudo to edit them. /etc/hosts is consulted by the system resolver on every Linux distribution and follows the same conventions everywhere. /etc/hosts.allow and /etc/hosts.deny are different: they are read by TCP Wrappers (libwrap), not by the kernel or the resolver, so they only affect daemons that were built against libwrap. Rocky Linux 8 and 9, like the RHEL releases they track, no longer ship tcp_wrappers, and their sshd is not linked against it, so on those releases hosts.allow and hosts.deny are ignored unless you install a third-party service that still uses libwrap. To check any daemon, run ldd against its binary and look for libwrap.so: if it isn't there, the daemon never reads these files, and firewalld or the daemon's own access controls (sshd_config's AllowUsers and Match, for example) are the tools to use instead. The sections below describe how the files behave where TCP Wrappers is present.

Let's examine each file and see how they work.

How /etc/hosts works

The hosts file is the one you're likely to use most often. It maps IP addresses to hostnames, hence the "hosts" filename. A host can be any addressable machine on a network: a computer, a network device, a storage device, or an IP-based camera. /etc/hosts lets you map an IP address to any unique name you choose that isn't already in use by your DNS or reserved for another purpose (such as .local, which is claimed by mDNS).

You can think of /etc/hosts as a manual override for DNS lookups on your machine. On Rocky Linux, /etc/nsswitch.conf lists files before dns on its hosts: line, so the resolver checks /etc/hosts first and only asks DNS when the name isn't there. Two caveats follow from that: a stale entry silently wins over DNS until you remove it, and tools that talk to DNS directly (dig, host, nslookup) never see /etc/hosts at all, so test with getent hosts or ping rather than dig.

For example, say you've deployed a private web server on your network at 192.168.1.100 and you'd like to reach it by name (web1.example.com, or just web1) instead of by IP. Using /etc/hosts, you can map both names to 192.168.1.100, and the mapping works in any app on your computer that uses the system resolver:

  • Command line (e.g. ping web1)
  • Web browser (e.g. http://web1)
  • File system explorer (e.g. smb://web1)

Mapping an IP address in /etc/hosts

Mapping IP addresses to hostnames is quite easy. Open the file for editing with the command:

sudo nano /etc/hosts

In that file, you'll see some comments above the first entries that look like this:

127.0.0.1       localhost
::1            localhost

The first entry is the IPv4 version of the loopback device and the second is the IPv6 version. Now, let's add our new entry (at the bottom of the file), which looks like this:

192.168.1.100 web1

Save and close the file (ctrl+O to write it out, then ctrl+X to exit, in nano). To test this, run the following command:

ping web1

The first line of output shows the name resolving to the address you mapped: PING web1 (192.168.1.100) 56(84) bytes of data. Whether replies follow depends on the server being up and answering ICMP; if you only want to confirm the mapping, getent hosts web1 prints the address without sending any packets. If your hypothetical server also has a proper domain name (such as web1.example.com), list the fully qualified name first and the short alias after it, which is the order hosts(5) documents:

192.168.1.100 web1.example.com web1

One thing to remember is that the mapping only works on the machine for which you've changed the hosts file. If you needed this mapping to work on another machine on your network, you’d have to perform the same actions on that other machine.

CALLOUT: Using tabs or spaces in /etc/hosts

We’re not here to argue about the use of tabs or spaces, but they are important in these files. You might have noticed that the default entries in /etc/hosts look like:

127.0.0.1       localhost
::1            localhost

The whitespace between the IP and the hostname (and between hostnames) can be any run of spaces or tabs; one space, one tab, or a column of tabs all parse the same. As /etc/hosts files grow, tabs or padded spaces help to visually align hostnames so the file stays readable. To clarify, these two lines are identical in functionality:

127.0.0.1       localhost
127.0.0.1 localhost

Use your judgment on whichever you prefer, but think about the long term usage of this file and how to maintain it over time.
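The mapping steps above and the whitespace rule from the callout can be exercised without touching the real file. The following script is an added example, not code from the CIQ post: the function names (hosts_lookup, hosts_set, hosts_block), the sample entries and the scratch file it builds are all constructed for illustration, and it mimics how the glibc "files" resolver reads a hosts(5) file rather than calling into it. Every function takes the file path as its first argument, so you can run it as-is on a copy and point it at /etc/hosts under sudo when you mean it.

```shell
#!/bin/sh
# Added example, not from the CIQ post: manage a hosts-format file the way the
# glibc "files" resolver reads it. Every function takes the file path first,
# so it can be tried on a scratch copy without root.
set -e

# hosts_lookup FILE NAME -> prints the IP of the first matching line, exit 1 if none.
# Mirrors hosts(5): '#' starts a comment, fields are separated by any run of
# spaces or tabs, names match case-insensitively, and the first match wins.
hosts_lookup() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                       # strip trailing comments
        NF < 2 { next }                          # blank, comment-only or IP-only line
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(want)) { print $1; found = 1; exit } }
        END { exit !found }
    ' "$1"
}

# hosts_set FILE IP CANONICAL [ALIAS...] -> upserts a mapping.
# Existing lines that carry any of the given names are removed first: the
# resolver stops at the first match, so a stale line higher up would shadow
# the new one. Canonical (fully qualified) name first, aliases after, as hosts(5) recommends.
hosts_set() {
    file=$1; ip=$2; shift 2
    names=$*
    tmp=$(mktemp)
    awk -v names="$names" '
        BEGIN { n = split(tolower(names), want, " ") }
        {
            orig = $0; sub(/#.*/, "")            # compare without the comment, print the original
            for (i = 2; i <= NF; i++)
                for (j = 1; j <= n; j++)
                    if (tolower($i) == want[j]) next
            print orig
        }
    ' "$file" > "$tmp"
    printf '%s\t%s\n' "$ip" "$names" >> "$tmp"
    # Copy contents rather than mv, so /etc/hosts keeps its owner, mode and
    # SELinux label (mv would carry the temp file's over).
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# hosts_block FILE NAME -> sinks NAME to 0.0.0.0 (unroutable, unlike 127.0.0.1,
# which would hand the request to whatever happens to listen locally).
hosts_block() {
    hosts_set "$1" 0.0.0.0 "$2"
}

# Demo on a constructed scratch file shaped like a default /etc/hosts.
hosts_demo() {
    f=$(mktemp)
    printf '127.0.0.1   localhost localhost.localdomain\n::1         localhost localhost6\n' > "$f"
    hosts_set   "$f" 192.168.1.100 web1.example.com web1
    hosts_block "$f" ads.example.net
    echo "web1             -> $(hosts_lookup "$f" web1)"
    echo "WEB1.EXAMPLE.COM -> $(hosts_lookup "$f" WEB1.EXAMPLE.COM)"
    echo "ads.example.net  -> $(hosts_lookup "$f" ads.example.net)"
    # No wildcards in /etc/hosts: a subdomain of a blocked name is not covered.
    hosts_lookup "$f" cdn.ads.example.net || echo "cdn.ads.example.net -> not in file, falls through to DNS"
    rm -f "$f"
}
hosts_demo
```

Because the resolver stops at the first match, hosts_set removes any older line carrying the same names before appending; a forgotten older line is the usual reason an edit to /etc/hosts appears to do nothing. After editing the real file, confirm what the resolver sees with getent hosts web1 rather than dig, which bypasses the file.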

How /etc/hosts.allow works

The /etc/hosts.allow file explicitly lists the IP addresses, networks, or domains that are allowed to reach a service. It works together with hosts.deny: TCP Wrappers reads hosts.allow first, then hosts.deny, and stops at the first line that matches both the service and the client.

Each line maps a service (the daemon's process name, such as sshd or vsftpd) to one or more clients, in the form daemon_list : client_list. For example, say you want to allow the machine at IP address 192.168.1.10 to access your machine via SSH. To allow that, open the file for editing with the command:

sudo nano /etc/hosts.allow

Allow a single machine to SSH to your machine

At the bottom of that file, map the SSH service (sshd) to the address like this:

sshd: 192.168.1.10

What if you want to allow every host on the 192.168.1.0/24 network to reach the server via SSH? A pattern that ends with a dot matches any address that starts with it (the net/mask form 192.168.1.0/255.255.255.0 means the same thing and is the one to use when the mask doesn't fall on an octet boundary):

sshd: 192.168.1.

Or maybe you have a domain whose hosts should be allowed SSH access to the Rocky Linux server. A pattern that starts with a dot matches any hostname that ends in it:

sshd: .example.com

Hostname patterns depend on DNS: TCP Wrappers reverse-resolves the client's address and checks that the name resolves back to the same address, and a client whose forward and reverse lookups disagree (or that has no reverse record at all) does not match a domain pattern. Prefer address patterns where you can, and treat domain patterns as only as trustworthy as the DNS that backs them.

You can also use the ALL wildcard in the service position, which allows a client to reach every wrapped service on the server. For a machine with the IP 192.168.1.10, the /etc/hosts.allow entry would look like:

ALL:  192.168.1.10

How /etc/hosts.deny works

The /etc/hosts.deny file is formatted the same way as /etc/hosts.allow, but instead of allowing services it denies them to one or more hosts. Its lines look just like those in hosts.allow:

service: host

There's an important concept to understand before we edit the file. hosts.allow is always consulted first, and the first matching line in either file wins. So if you've allowed 192.168.1.10 access to sshd in hosts.allow, that line supersedes any entry in hosts.deny. Just as important: if no line in either file matches, access is granted. The two files form a default-allow system, so a hosts.deny that only mentions sshd leaves every other wrapped service open to everyone.

Say, for example, you wanted to deny all machines access to the sshd service. Open the file for editing with the command:

sudo nano /etc/hosts.deny

At the bottom of that file, add the following:

sshd: ALL

Save and close the file. Now the only hosts that can connect via SSH are the ones allowed in hosts.allow. To close every other wrapped service the same way, put ALL: ALL in hosts.deny and list the exceptions in hosts.allow; that gives you a real default-deny rather than a deny for one daemon. Test from a second session before you log out of the first, since a mistake here can lock you out.

Deny SSH access to your machine

You can also apply the other concepts from hosts.allow to hosts.deny, such as denying a single IP address, an entire network, or a domain. Let's take a look.

To deny SSH access from a single machine (192.168.1.10):

sshd: 192.168.1.10

To deny an entire network (e.g. every machine on the 192.168.1.* subnet):

sshd: 192.168.1.

To deny a domain (e.g. .example.com):

sshd: .example.com
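The precedence rule described above (hosts.allow first, then hosts.deny, first match wins, nothing matched means allowed) is easy to get wrong, so here is an added example that is not from the CIQ post and not TCP Wrappers' own code: a small POSIX shell and awk reimplementation of the hosts_access(5) matching order that you can point at scratch copies of both files to see which line would decide a given daemon and client before you edit the real ones. The files it writes, the daemon names and the addresses are constructed for the demo; the tcpwrap_aware helper is the check for whether a daemon is linked against libwrap at all.

```shell
#!/bin/sh
# Added example, not from the CIQ post and not libwrap's code: applies
# hosts_access(5) rules to a (daemon, client) pair. Order implemented:
#   1. first matching line in hosts.allow  -> allow
#   2. else first matching line in hosts.deny -> deny
#   3. else allow (TCP Wrappers grants by default)
# Client patterns handled: ALL, exact IPv4, trailing-dot prefix (192.168.1.),
# net/mask (192.168.1.0/255.255.255.0), leading-dot domain suffix (.example.com,
# matched against the client hostname you pass) and EXCEPT. Not handled: IPv6,
# KNOWN/UNKNOWN/LOCAL/PARANOID, backslash continuation lines, option fields.
set -e

TCPWRAP_AWK='
function client_match(pat, ip, host,    a, b, net, mask, i) {
    if (pat == "ALL") return 1
    if (pat ~ /^\./)                       # .example.com -> suffix of the hostname
        return host != "" && substr(tolower(host), length(host) - length(pat) + 1) == tolower(pat)
    if (pat ~ /\.$/)                       # 192.168.1. -> prefix of the address
        return substr(ip, 1, length(pat)) == pat
    if (pat ~ /^[0-9.]+\/[0-9.]+$/) {      # n.n.n.n/m.m.m.m -> net/mask
        split(pat, a, "/"); split(a[1], net, "."); split(a[2], mask, "."); split(ip, b, ".")
        for (i = 1; i <= 4; i++)           # x AND m == x - x mod (256 - m) for a contiguous mask octet
            if (b[i] - b[i] % (256 - mask[i]) != net[i] + 0) return 0
        return 1
    }
    return tolower(pat) == tolower(ip) || (host != "" && tolower(pat) == tolower(host))
}
# "list_1 EXCEPT list_2" matches list_1 unless list_2 also matches; EXCEPT nests to the right.
function list_match(list, kind, ip, host,    k, items, n, i) {
    k = index(list, " EXCEPT ")
    if (k > 0)
        return list_match(substr(list, 1, k - 1), kind, ip, host) && !list_match(substr(list, k + 8), kind, ip, host)
    n = split(list, items, /[ \t,]+/)
    for (i = 1; i <= n; i++) {
        if (items[i] == "") continue
        if (kind == "daemon" && (items[i] == "ALL" || items[i] == daemon)) return 1
        if (kind == "client" && client_match(items[i], ip, host)) return 1
    }
    return 0
}
{
    sub(/#.*/, "")
    if ($0 ~ /^[ \t]*$/) next
    n = split($0, part, ":")               # daemon_list : client_list [: options]
    if (n < 2) next
    gsub(/^[ \t]+|[ \t]+$/, "", part[1]); gsub(/^[ \t]+|[ \t]+$/, "", part[2])
    if (list_match(part[1], "daemon", ip, host) && list_match(part[2], "client", ip, host)) { found = 1; print NR; exit }
}
END { exit !found }
'

# tcpwrap_decide ALLOW_FILE DENY_FILE DAEMON CLIENT_IP [CLIENT_HOSTNAME]
# Prints "allow: ..." or "deny: ..." naming the file and line that decided it.
tcpwrap_decide() {
    if   n=$(awk -v daemon="$3" -v ip="$4" -v host="${5:-}" "$TCPWRAP_AWK" "$1"); then
        echo "allow: $1 line $n"
    elif n=$(awk -v daemon="$3" -v ip="$4" -v host="${5:-}" "$TCPWRAP_AWK" "$2"); then
        echo "deny: $2 line $n"
    else
        echo "allow: no rule matched, TCP Wrappers grants by default"
    fi
}

# tcpwrap_aware BINARY -> succeeds only if BINARY is linked against libwrap,
# i.e. it reads these files at all. On Rocky Linux 8/9, which no longer ship
# tcp_wrappers, this fails for sshd; use firewalld or sshd_config there.
tcpwrap_aware() {
    ldd "$(command -v "$1")" 2>/dev/null | grep -q 'libwrap\.so'
}

# Demo on constructed files (sample rules, not a recommended configuration).
tcpwrap_demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' \
        'sshd: 192.168.1.0/255.255.255.0 EXCEPT 192.168.1.66' \
        'ALL:  10.0.0.5' 'sshd: .example.com' > "$d/hosts.allow"
    printf 'sshd: ALL\n' > "$d/hosts.deny"
    for c in "sshd 192.168.1.10" "sshd 192.168.1.66" "sshd 203.0.113.9" "vsftpd 203.0.113.9" "vsftpd 10.0.0.5"; do
        set -- $c
        echo "$1 from $2 -> $(tcpwrap_decide "$d/hosts.allow" "$d/hosts.deny" "$1" "$2")"
    done
    echo "sshd from build.example.com -> $(tcpwrap_decide "$d/hosts.allow" "$d/hosts.deny" sshd 198.51.100.7 build.example.com)"
    # vsftpd from the internet was allowed above because nothing matched; a real
    # default deny needs ALL: ALL in hosts.deny.
    echo 'ALL: ALL' >> "$d/hosts.deny"
    echo "vsftpd from 203.0.113.9 after ALL: ALL -> $(tcpwrap_decide "$d/hosts.allow" "$d/hosts.deny" vsftpd 203.0.113.9)"
    rm -rf "$d"
}
tcpwrap_demo
```

Run tcpwrap_decide against copies of your real files with the daemon name sshd and the address of the workstation you administer from before saving a sshd: ALL line; if it prints deny for that address, fix hosts.allow first. The net/mask arithmetic relies on mask octets being contiguous (255, 254, 252 and so on), which is the only kind that makes sense in a netmask.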

Hosts files are great for convenience and security

The hosts files are a simple way to control which machines can reach services on your server, but they are not a substitute for a firewall. TCP Wrappers only sees connections to daemons linked against libwrap, it makes its decision after the TCP connection has already been accepted, and on Rocky Linux 8 and 9 the library isn't shipped at all, so firewalld should carry the primary access policy. Where TCP Wrappers is present, hosts.allow and hosts.deny add a per-service layer on top of it: allow is checked first, then deny, and anything unmatched is allowed, so start with ALL: ALL in hosts.deny and be as granular as you like in hosts.allow.

/etc/hosts is also a convenient, local form of DNS control. You can define hostname-to-IP mappings without relying on external DNS servers, and a name listed in /etc/hosts can't be redirected by a spoofed DNS answer, because the resolver never asks DNS for it (names that aren't listed get no such protection). You can also block specific hostnames by mapping them to an unroutable address, conventionally 0.0.0.0 rather than 127.0.0.1, so the request doesn't land on a service listening locally. Keep the limits in mind: there are no wildcards, so each subdomain needs its own line, and applications that do their own DNS (browsers using DNS over HTTPS, for example) bypass /etc/hosts entirely.

When configured correctly, /etc/hosts, /etc/hosts.allow, and /etc/hosts.deny provide foundational controls that are easy to configure, especially in controlled environments with well-defined network configurations and services that actually honour them.
