[rhn-users] I need help with hosts.deny - doesn't work asIexpected

x6d696168 . x6d696168 at gmail.com
Tue Mar 28 22:02:02 UTC 2006 

No, thats wrong.

TCP Wrappers only protects programs that are linked against libwrap.  Xinetd
provides a similar filtering functionality, but it doesn't require
tcpwrappers, but it only protects applications running via xinetd.  IPtables
is the best way to go, since its kernel based and can handle anything you
throw at it, and doesn't require tcpwrappers, or xinetd since it sits above
them.

-miah

On 3/28/06, Kvetch <kvetch at gmail.com> wrote:
>
> try testing using an IP you have access to.
> You can log attempts by doing something like this in your wrappers
> ALL:  219.106.229.178 : spawn /bin/echo `/bin/date` access
> denied>>/var/log/messages : deny
>
> I haven't done this in a while so you might want to do a google on logging
> tcp wrappers
> If this doesn't give you what you want you might try using iptables, since
> wrappers only protects against services under xinetd.
>
> Nick Baronian
>
>
>
> On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
> >
> > I did a:
> > service vsftpd stop
> > service vsftpd start
> >
> > and the non-stop hacking on vsftpd stopped. Could be one of 2 things,
> > either this solved my problem permanently, or stopping the service for a few
> > seconds caused his automatic hack program to hang. Dunno which for now, nor
> > know how to tell which did it. Is stuff nuked by hosts.deny logged
> > somewhere?
> >
> > Thanks for you help!
> > Bill
> >
> >  -----Original Message-----
> > *From:* rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> > *On Behalf Of *Kvetch
> > *Sent:* Tuesday, March 28, 2006 11:26 AM
> > *To:* Red Hat Network Users List
> > *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work
> > asIexpected
> >
> > tcp wrappers are automatic and no service needs restarting.  Try
> > restarting vsftd then try again.
> > If you have nothing in your hosts.allow and in your hosts.deny you have
> >
> > ALL:  219.106.229.178
> > ALL:  72.129.200.46
> > ALL:  200.38.
> > ALL:  64.182.
> >
> > It should block them.
> > Can you retest?
> > Nick Baronian
> >
> >
> > On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
> > >
> > >  Yes I do have tcp_wrappers=YES in vsftpd.conf
> > >
> > > Bill
> > >
> > >  -----Original Message-----
> > > *From:* rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> > > *On Behalf Of *Kvetch
> > > *Sent:* Tuesday, March 28, 2006 10:56 AM
> > > *To:* Red Hat Network Users List
> > > *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work
> > > as Iexpected
> > >
> > > Do you have
> > > tcp_wrappers=YES
> > > in your vsftpd.conf?
> > >
> > > Nick Baronian
> > >
> > > On 3/28/06, Bill Watson <bill at magicdigits.com > wrote:
> > > >
> > > > I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny
> > > > that
> > > > has:
> > > >
> > > > ALL: 219.106.229.178
> > > > ALL: 72.129.200.46
> > > > ALL: 200.38.
> > > > ALL: 64.182.
> > > >
> > > > >From my readings, I should not be getting any messages from
> > > > 200.38.x.x, yet
> > > > my /var/log/messages shows:
> > > > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass;
> > > > user
> > > > unknown
> > > > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication
> > > > failure;
> > > > log
> > > > name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > > > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass;
> > > > user
> > > > unknown
> > > > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication
> > > > failure;
> > > > log
> > > > name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > > >
> > > > And keeps going with a new entry every few seconds.
> > > >
> > > > Is /etc/hosts.deny properly set up?
> > > > Is /etc/hosts.deny immediately active or must some service be
> > > > restarted to
> > > > make it go?
> > > > Does vsftpd bypass /etc/hosts.deny?
> > > >
> > > > Thanks!
> > > > Bill Watson
> > > > bill at magicdigits.com
> > > >
> > > >
> > > > _______________________________________________
> > > > rhn-users mailing list
> > > > rhn-users at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/rhn-users
> > > >
> > >
> > >
> > > _______________________________________________
> > > rhn-users mailing list
> > > rhn-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/rhn-users
> > >
> > >
> >
> > _______________________________________________
> > rhn-users mailing list
> > rhn-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/rhn-users
> >
> >
>
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhn-users/attachments/20060328/d25b2f78/attachment.htm>

More information about the rhn-users mailing list