[rhn-users] I need help with hosts.deny - doesn't work asIexpected

Tue Mar 28 20:42:29 UTC 2006

try testing using an IP you have access to.
You can log attempts by doing something like this in your wrappers
ALL:  219.106.229.178 : spawn /bin/echo `/bin/date` access
denied>>/var/log/messages : deny

I haven't done this in a while so you might want to do a google on logging
tcp wrappers
If this doesn't give you what you want you might try using iptables, since
wrappers only protects against services under xinetd.

Nick Baronian

On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
>
> I did a:
> service vsftpd stop
> service vsftpd start
>
> and the non-stop hacking on vsftpd stopped. Could be one of 2 things,
> either this solved my problem permanently, or stopping the service for a few
> seconds caused his automatic hack program to hang. Dunno which for now, nor
> know how to tell which did it. Is stuff nuked by hosts.deny logged
> somewhere?
>
> Thanks for you help!
> Bill
>
>  -----Original Message-----
> *From:* rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> *On Behalf Of *Kvetch
> *Sent:* Tuesday, March 28, 2006 11:26 AM
> *To:* Red Hat Network Users List
> *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work
> asIexpected
>
> tcp wrappers are automatic and no service needs restarting.  Try
> restarting vsftd then try again.
> If you have nothing in your hosts.allow and in your hosts.deny you have
>
> ALL:  219.106.229.178
> ALL:  72.129.200.46
> ALL:  200.38.
> ALL:  64.182.
>
> It should block them.
> Can you retest?
> Nick Baronian
>
>
> On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
> >
> >  Yes I do have tcp_wrappers=YES in vsftpd.conf
> >
> > Bill
> >
> >  -----Original Message-----
> > *From:* rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> > *On Behalf Of *Kvetch
> > *Sent:* Tuesday, March 28, 2006 10:56 AM
> > *To:* Red Hat Network Users List
> > *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work as
> > Iexpected
> >
> > Do you have
> > tcp_wrappers=YES
> > in your vsftpd.conf?
> >
> > Nick Baronian
> >
> > On 3/28/06, Bill Watson <bill at magicdigits.com > wrote:
> > >
> > > I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny
> > > that
> > > has:
> > >
> > > ALL: 219.106.229.178
> > > ALL: 72.129.200.46
> > > ALL: 200.38.
> > > ALL: 64.182.
> > >
> > > >From my readings, I should not be getting any messages from
> > > 200.38.x.x, yet
> > > my /var/log/messages shows:
> > > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user
> > > unknown
> > > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication
> > > failure;
> > > log
> > > name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass; user
> > > unknown
> > > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication
> > > failure;
> > > log
> > > name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > >
> > > And keeps going with a new entry every few seconds.
> > >
> > > Is /etc/hosts.deny properly set up?
> > > Is /etc/hosts.deny immediately active or must some service be
> > > restarted to
> > > make it go?
> > > Does vsftpd bypass /etc/hosts.deny?
> > >
> > > Thanks!
> > > Bill Watson
> > > bill at magicdigits.com
> > >
> > >
> > > _______________________________________________
> > > rhn-users mailing list
> > > rhn-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/rhn-users
> > >
> >
> >
> > _______________________________________________
> > rhn-users mailing list
> > rhn-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/rhn-users
> >
> >
>
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhn-users/attachments/20060328/5a7af7de/attachment.htm>