[rhn-users] I need help with hosts.deny - doesn't work as Iexpected

Bill Watson bill at magicdigits.com
Wed Mar 29 17:28:26 UTC 2006 

To all who helped me, thank you!!! This denyhosts offering is interesting,
but I have already restricted my ssh to about 4 IP addresses. The tool
doesn't focus elsewhere.

The magic appears to be the unsuspected need to restart vsftpd to get the
new hosts.deny values.

Bill Watson
bill at magicdigits.com

-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On
Behalf Of simon elliston ball
Sent: Wednesday, March 29, 2006 12:54 AM
To: Red Hat Network Users List
Subject: Re: [rhn-users] I need help with hosts.deny - doesn't work as
Iexpected


On the subject of deny.hosts and persistent automated hacking, we've found
http://denyhosts.sourceforge.net/ very useful. It automates entries in
hosts.deny by parsing logs to detect dictionary attacks on ssh etc.

simon


On Tue, 2006-03-28 at 10:52 -0800, Bill Watson wrote:
> I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny 
> that
> has:
> 
> ALL: 219.106.229.178
> ALL: 72.129.200.46
> ALL: 200.38.
> ALL: 64.182.
> 
> >From my readings, I should not be getting any messages from 
> >200.38.x.x, yet
> my /var/log/messages shows:
> Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user 
> unknown Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: 
> authentication failure; log
> name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass; user
> unknown
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication
failure;
> log
> name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> 
> And keeps going with a new entry every few seconds.
> 
> Is /etc/hosts.deny properly set up?
> Is /etc/hosts.deny immediately active or must some service be 
> restarted to make it go? Does vsftpd bypass /etc/hosts.deny?
> 
> Thanks!
> Bill Watson
> bill at magicdigits.com
> 
> 
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com https://www.redhat.com/mailman/listinfo/rhn-users

_______________________________________________
rhn-users mailing list
rhn-users at redhat.com https://www.redhat.com/mailman/listinfo/rhn-users

More information about the rhn-users mailing list