[rhn-users] I need help with hosts.deny - doesn't work as I expected

x6d696168 . x6d696168 at gmail.com
Tue Mar 28 22:14:10 UTC 2006


yes, you generally need to include the daemon's name, but when I said link, I
meant when compiling the program needs to have been compiled with support for
tcpwrappers, which means it gets linked to libwrap.a =).  Just sticking
"mydaemon: ALL: ip" will not work if the application does not support
tcpwrappers.  I don't recommend tcpwrappers because of this issue, and
instead recommend iptables as it will always work.

-miah

On 3/28/06, Tom Foucha <tom.foucha at neoaccel.com> wrote:
>
>  To make the TCP Wrappers active you must as –miah stated link it to the
> daemon. Example allow:
>
>
>
> <application/daemon> : <ip address> : allow
>
>
>
> vsftpd : x.x.x.x : allow
>
>
>
> You could also put a deny all at the end of the hosts.allow list instead
> of using the hosts.deny file since the hosts.allow file is applied before
> hosts.deny
>
>
>
> vsftpd : ALL : deny
>
>
>
>
>
> --good luck
>
>
>
>
>
>
>  ------------------------------
>
> *From:* rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> *On Behalf Of *x6d696168 .
> *Sent:* Tuesday, March 28, 2006 4:02 PM
>
> *To:* Red Hat Network Users List
> *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work
> as I expected
>
>
>
> No, that's wrong.
>
> TCP Wrappers only protects programs that are linked against libwrap.
> Xinetd provides a similar filtering functionality, but it doesn't require
> tcpwrappers, but it only protects applications running via xinetd.  IPtables
> is the best way to go, since it's kernel based and can handle anything you
> throw at it, and doesn't require tcpwrappers, or xinetd since it sits above
> them.
>
> -miah
>
> On 3/28/06, *Kvetch* <kvetch at gmail.com> wrote:
>
> try testing using an IP you have access to.
> You can log attempts by doing something like this in your wrappers
> ALL:  219.106.229.178 : spawn /bin/echo `/bin/date` access denied>>/var/log/messages : deny
>
> I haven't done this in a while so you might want to do a google on logging
> tcp wrappers
> If this doesn't give you what you want you might try using iptables, since
> wrappers only protects against services under xinetd.
>
> Nick Baronian
>
>
>  On 3/28/06, *Bill Watson* < bill at magicdigits.com> wrote:
>
> I did a:
>
> service vsftpd stop
>
> service vsftpd start
>
>
>
> and the non-stop hacking on vsftpd stopped. Could be one of 2 things,
> either this solved my problem permanently, or stopping the service for a few
> seconds caused his automatic hack program to hang. Dunno which for now, nor
> know how to tell which did it. Is stuff nuked by hosts.deny logged
> somewhere?
>
>
>
> Thanks for your help!
>
> Bill
>
>  -----Original Message-----
> *From:* rhn-users-bounces at redhat.com [mailto: rhn-users-bounces at redhat.com]
> *On Behalf Of *Kvetch
>
> *Sent:* Tuesday, March 28, 2006 11:26 AM
> *To:* Red Hat Network Users List
> *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work
> as I expected
>
>  tcp wrappers are automatic and no service needs restarting.  Try
> restarting vsftpd then try again.
> If you have nothing in your hosts.allow and in your hosts.deny you have
>
> ALL:  219.106.229.178
> ALL:  72.129.200.46
> ALL:  200.38.
> ALL:  64.182.
>
> It should block them.
> Can you retest?
> Nick Baronian
>
>  On 3/28/06, *Bill Watson* <bill at magicdigits.com> wrote:
>
> Yes I do have tcp_wrappers=YES in vsftpd.conf
>
>
>
> Bill
>
> -----Original Message-----
> *From:* rhn-users-bounces at redhat.com [mailto: rhn-users-bounces at redhat.com]
> *On Behalf Of *Kvetch
> *Sent:* Tuesday, March 28, 2006 10:56 AM
> *To:* Red Hat Network Users List
> *Subject:* Re: [rhn-users] I need help with hosts.deny - doesn't work as
> I expected
>
> Do you have
> tcp_wrappers=YES
> in your vsftpd.conf?
>
> Nick Baronian
>
> On 3/28/06, *Bill Watson* <bill at magicdigits.com > wrote:
>
> I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny that
> has:
>
> ALL: 219.106.229.178
> ALL: 72.129.200.46
> ALL: 200.38.
> ALL: 64.182.
>
> From my readings, I should not be getting any messages from 200.38.x.x, yet
> my /var/log/messages shows:
> Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
> Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
>
> And keeps going with a new entry every few seconds.
>
> Is /etc/hosts.deny properly set up?
> Is /etc/hosts.deny immediately active or must some service be restarted to
> make it go?
> Does vsftpd bypass /etc/hosts.deny?
>
> Thanks!
> Bill Watson
> bill at magicdigits.com
>
>
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>
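Added example, not part of any poster's message: a simplified model of the order in which a libwrap-linked daemon consults hosts.allow and hosts.deny, run against the rules quoted in this thread. The function names and the address 192.0.2.10 (standing in for Tom's x.x.x.x) are assumptions; a daemon that never calls libwrap ignores both files whatever this predicts.

```python
# Added example: simplified hosts_access(5) decision logic, not libwrap's code.
# Covers ALL, exact addresses, trailing-dot prefixes and a final allow/deny
# option. Netmasks, EXCEPT, hostnames, IPv6 and spawn are left out.

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2 or not fields[0]:
            continue
        last = fields[-1].lower()
        verdict = last if len(fields) > 2 and last in ("allow", "deny") else None
        rules.append((fields[0].split(), fields[1].split(), verdict))
    return rules

def client_matches(pattern, ip):
    if pattern.endswith("."):          # "200.38." is a prefix match
        return ip.startswith(pattern)
    return pattern in ("ALL", ip)

def first_match(rules, daemon, ip):
    for daemons, clients, verdict in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(c, ip) for c in clients):
            return verdict or "default"
    return None

def access(daemon, ip, hosts_allow, hosts_deny):
    # hosts.allow is consulted first, then hosts.deny; no match grants access.
    hit = first_match(parse_rules(hosts_allow), daemon, ip)
    if hit is not None:
        return hit != "deny"
    hit = first_match(parse_rules(hosts_deny), daemon, ip)
    if hit is not None:
        return hit == "allow"
    return True

# Rules quoted in the thread; 192.0.2.10 is a constructed stand-in for x.x.x.x.
BILL_DENY = "ALL: 219.106.229.178\nALL: 72.129.200.46\nALL: 200.38.\nALL: 64.182.\n"
TOM_ALLOW = "vsftpd : 192.0.2.10 : allow\nvsftpd : ALL : deny\n"

if __name__ == "__main__":
    # False: a libwrap-aware vsftpd would refuse this client before PAM runs.
    print(access("vsftpd", "200.38.16.6", "", BILL_DENY))
    print(access("vsftpd", "200.38.16.6", TOM_ALLOW, ""))
```

If the model says a client is refused but /var/log/messages still shows PAM authentication failures from it, the rules are not the problem: the daemon is not consulting TCP wrappers.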