[rhn-users] I need help with hosts.deny - doesn't work as I expected
Tom Foucha
tom.foucha at neoaccel.com
Tue Mar 28 22:08:40 UTC 2006
To make the TCP Wrappers active you must, as -miah stated, link it to the
daemon. Example allow:
<application/daemon> : <ip address> : allow
vsftpd : x.x.x.x : allow
You could also put a deny all at the end of the hosts.allow list instead
of using the hosts.deny file since the hosts.allow file is applied
before hosts.deny.
vsftpd : ALL : deny
--good luck
________________________________
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
On Behalf Of x6d696168 .
Sent: Tuesday, March 28, 2006 4:02 PM
To: Red Hat Network Users List
Subject: Re: [rhn-users] I need help with hosts.deny - doesn't work as I expected
No, that's wrong.
TCP Wrappers only protects programs that are linked against libwrap.
Xinetd provides a similar filtering functionality, but it doesn't
require tcpwrappers, but it only protects applications running via
xinetd. IPtables is the best way to go, since it's kernel based and can
handle anything you throw at it, and doesn't require tcpwrappers, or
xinetd since it sits above them.
-miah
On 3/28/06, Kvetch <kvetch at gmail.com> wrote:
try testing using an IP you have access to.
You can log attempts by doing something like this in your wrappers
ALL: 219.106.229.178 : spawn /bin/echo `/bin/date` access denied>>/var/log/messages : deny
I haven't done this in a while so you might want to do a google on
logging tcp wrappers
If this doesn't give you what you want you might try using iptables,
since wrappers only protects against services under xinetd.
Nick Baronian
On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
I did a:
service vsftpd stop
service vsftpd start
and the non-stop hacking on vsftpd stopped. Could be one of 2 things,
either this solved my problem permanently, or stopping the service for a
few seconds caused his automatic hack program to hang. Dunno which for
now, nor know how to tell which did it. Is stuff nuked by hosts.deny
logged somewhere?
Thanks for your help!
Bill
-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On Behalf Of Kvetch
Sent: Tuesday, March 28, 2006 11:26 AM
To: Red Hat Network Users List
Subject: Re: [rhn-users] I need help with hosts.deny - doesn't work as I expected
tcp wrappers are automatic and no service needs restarting. Try
restarting vsftpd then try again.
If you have nothing in your hosts.allow and in your hosts.deny you have
ALL: 219.106.229.178
ALL: 72.129.200.46
ALL: 200.38.
ALL: 64.182.
It should block them.
Can you retest?
Nick Baronian
On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
Yes I do have tcp_wrappers=YES in vsftpd.conf
Bill
-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On Behalf Of Kvetch
Sent: Tuesday, March 28, 2006 10:56 AM
To: Red Hat Network Users List
Subject: Re: [rhn-users] I need help with hosts.deny - doesn't work as I expected
Do you have
tcp_wrappers=YES
in your vsftpd.conf?
Nick Baronian
On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny that
has:
ALL: 219.106.229.178
ALL: 72.129.200.46
ALL: 200.38.
ALL: 64.182.
From my readings, I should not be getting any messages from 200.38.x.x, yet
my /var/log/messages shows:
Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
And keeps going with a new entry every few seconds.
Is /etc/hosts.deny properly set up?
Is /etc/hosts.deny immediately active or must some service be restarted to
make it go?
Does vsftpd bypass /etc/hosts.deny?
Thanks!
Bill Watson
bill at magicdigits.com
_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users
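An added example, not part of any message in this thread: a simplified Python model of the hosts_access(5) lookup order discussed above (hosts.allow searched first, then hosts.deny, first match wins, no match means allow), run against the hosts.deny entries quoted in the thread and the `: allow` / `: deny` option form. The function names and the address 192.0.2.10 are constructed for illustration; this models only the rule files, and whether a daemon consults them at all depends on its libwrap support as described in the thread.

```python
# Simplified model of hosts_access(5) lookup; illustration only, not libwrap.
# Handles the ALL wildcard, exact names/addresses, trailing-dot address
# prefixes ("200.38."), and a final allow/deny option (hosts_options(5)).
# It splits on ":" so it does not handle spawn commands or IPv6 literals.

# hosts.deny entries as quoted in the thread.
BILL_DENY = """\
ALL: 219.106.229.178
ALL: 72.129.200.46
ALL: 200.38.
ALL: 64.182.
"""

# hosts.allow using the option form; 192.0.2.10 is a constructed address.
TOM_ALLOW = """\
vsftpd : 192.0.2.10 : allow
vsftpd : ALL : deny
"""

def parse(text):
    """Return a list of (daemons, clients, options) for each rule line."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), fields[2:]))
    return rules

def matches(pattern, value):
    """ALL matches anything; a trailing dot is a prefix match; else exact."""
    if pattern == "ALL":
        return True
    return value.startswith(pattern) if pattern.endswith(".") else pattern == value

def first_match(rules, daemon, client, default):
    """Verdict of the first matching rule in one file, or None if none match."""
    for daemons, clients, options in rules:
        if any(matches(d, daemon) for d in daemons) and \
           any(matches(c, client) for c in clients):
            return options[-1] if options and options[-1] in ("allow", "deny") else default
    return None

def decide(allow_text, deny_text, daemon, client):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    return (first_match(parse(allow_text), daemon, client, "allow")
            or first_match(parse(deny_text), daemon, client, "deny")
            or "allow")
```

On a host with the tcp_wrappers utilities installed, `tcpdmatch vsftpd 200.38.16.6` reports the same decision from the live files.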