[rhn-users] I need help with hosts.deny - doesn't work asIexpected

Kvetch kvetch at gmail.com
Tue Mar 28 22:12:46 UTC 2006 

Miah is correct.  I didn't clearly explain that libwrap is the key to having
services protected using wrappers.

 Nick Baronian

On 3/28/06, x6d696168 . <x6d696168 at gmail.com> wrote:
>
> No, thats wrong.
>
> TCP Wrappers only protects programs that are linked against libwrap.
> Xinetd provides a similar filtering functionality, but it doesn't require
> tcpwrappers, but it only protects applications running via xinetd.  IPtables
> is the best way to go, since its kernel based and can handle anything you
> throw at it, and doesn't require tcpwrappers, or xinetd since it sits above
> them.
>
> -miah
>
> On 3/28/06, Kvetch <kvetch at gmail.com> wrote:
>
> > try testing using an IP you have access to.
> You can log attempts by doing something like this in your wrappers
> ALL:  219.106.229.178 : spawn /bin/echo `/bin/date` access
> denied>>/var/log/messages : deny
>
> I haven't done this in a while so you might want to do a google on logging
> tcp wrappers
> If this doesn't give you what you want you might try using iptables, since
> wrappers only protects against services under xinetd.
>
> Nick Baronian
>
>
>
> On 3/28/06, Bill Watson < bill at magicdigits.com> wrote:
> >
> > I did a:
> > service vsftpd stop
> > service vsftpd start
> >
> > and the non-stop hacking on vsftpd stopped. Could be one of 2 things,
> > either this solved my problem permanently, or stopping the service for a few
> > seconds caused his automatic hack program to hang. Dunno which for now, nor
> > know how to tell which did it. Is stuff nuked by hosts.deny logged
> > somewhere?
> >
> > Thanks for you help!
> > Bill
> >
> >  -----Original Message-----
> > *From:* rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> > *On Behalf Of *Kvetch
> > *Sent:* Tuesday, March 28, 2006 11:26 AM
> > *To:* Red Hat Network Users List
> > *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work
> > asIexpected
> >
> > tcp wrappers are automatic and no service needs restarting.  Try
> > restarting vsftd then try again.
> > If you have nothing in your hosts.allow and in your hosts.deny you have
> >
> > ALL:  219.106.229.178
> > ALL:  72.129.200.46
> > ALL:  200.38.
> > ALL:  64.182.
> >
> > It should block them.
> > Can you retest?
> > Nick Baronian
> >
> >
> > On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
> > >
> > >  Yes I do have tcp_wrappers=YES in vsftpd.conf
> > >
> > > Bill
> > >
> > >  -----Original Message-----
> > > *From:* rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> > > *On Behalf Of *Kvetch
> > > *Sent:* Tuesday, March 28, 2006 10:56 AM
> > > *To:* Red Hat Network Users List
> > > *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work
> > > as Iexpected
> > >
> > > Do you have
> > > tcp_wrappers=YES
> > > in your vsftpd.conf?
> > >
> > > Nick Baronian
> > >
> > > On 3/28/06, Bill Watson <bill at magicdigits.com > wrote:
> > > >
> > > > I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny
> > > > that
> > > > has:
> > > >
> > > > ALL: 219.106.229.178
> > > > ALL: 72.129.200.46
> > > > ALL: 200.38.
> > > > ALL: 64.182.
> > > >
> > > > >From my readings, I should not be getting any messages from
> > > > 200.38.x.x, yet
> > > > my /var/log/messages shows:
> > > > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass;
> > > > user
> > > > unknown
> > > > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication
> > > > failure;
> > > > log
> > > > name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > > > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass;
> > > > user
> > > > unknown
> > > > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication
> > > > failure;
> > > > log
> > > > name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > > >
> > > > And keeps going with a new entry every few seconds.
> > > >
> > > > Is /etc/hosts.deny properly set up?
> > > > Is /etc/hosts.deny immediately active or must some service be
> > > > restarted to
> > > > make it go?
> > > > Does vsftpd bypass /etc/hosts.deny?
> > > >
> > > > Thanks!
> > > > Bill Watson
> > > > bill at magicdigits.com
> > > >
> > > >
> > > > _______________________________________________
> > > > rhn-users mailing list
> > > > rhn-users at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/rhn-users
> > > >
> > >
> > >
> > > _______________________________________________
> > > rhn-users mailing list
> > > rhn-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/rhn-users
> > >
> > >
> >
> > _______________________________________________
> > rhn-users mailing list
> > rhn-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/rhn-users
> >
> >
>
> _______________________________________________
>
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>
>
>
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhn-users/attachments/20060328/367d10a9/attachment.htm>

More information about the rhn-users mailing list