Which file is commonly used to deny access to unwanted services on a Linux system?

The file commonly used to deny access to unwanted services on a Linux system is /etc/hosts.deny. This file is part of the TCP Wrappers, which is a host-based networking ACL system that provides a way to control access to services based on the IP address or hostname of the client attempting to connect. By adding entries to /etc/hosts.deny, you can specify which services should not allow connections from particular hosts or IP addresses.

When a connection attempt is made to a service that is wrapped by TCP Wrappers, the system first checks the /etc/hosts.deny file to see if there is a matching rule that denies access. If no matches are found there, it then looks at /etc/hosts.allow to see if access should be permitted. This means that /etc/hosts.deny acts as a first line of defense by actively denying connections from specified hosts.

The other options serve different purposes. For example, /etc/ssh/sshd_config is used for configuring the SSH server settings but does not manage access on a host basis. /etc/hosts.allow performs the complementary function of allowing access, and /etc/passwd is primarily a user account database that does not directly control service access.