[rhn-users] I need help with hosts.deny - doesn't work as I expected

x6d696168 . x6d696168 at gmail.com
Wed Mar 29 21:31:13 UTC 2006


You need to restart vsftpd?  This is why iptables is better =)  I can only
imagine a really busy ftpd getting restarted, booting users, because
hosts.deny was updated.. then again really busy ftp sites are probably not
using tcpwrappers for security ;)

-miah

On 3/29/06, Bill Watson <bill at magicdigits.com> wrote:
>
> To all who helped me, thank you!!! This denyhosts offering is interesting,
> but I have already restricted my ssh to about 4 IP addresses. The tool
> doesn't focus elsewhere.
>
> The magic appears to be the unsuspected need to restart vsftpd to get the
> new hosts.deny values.
>
> Bill Watson
> bill at magicdigits.com
>
> -----Original Message-----
> From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On Behalf Of simon elliston ball
> Sent: Wednesday, March 29, 2006 12:54 AM
> To: Red Hat Network Users List
> Subject: Re: [rhn-users] I need help with hosts.deny - doesn't work as I expected
>
>
> On the subject of deny.hosts and persistent automated hacking, we've found
> http://denyhosts.sourceforge.net/ very useful. It automates entries in
> hosts.deny by parsing logs to detect dictionary attacks on ssh etc.
>
> simon
>
>
> On Tue, 2006-03-28 at 10:52 -0800, Bill Watson wrote:
> > I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny that has:
> >
> > ALL: 219.106.229.178
> > ALL: 72.129.200.46
> > ALL: 200.38.
> > ALL: 64.182.
> >
> > From my readings, I should not be getting any messages from 200.38.x.x, yet
> > my /var/log/messages shows:
> > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
> > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
> > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> >
> > And keeps going with a new entry every few seconds.
> >
> > Is /etc/hosts.deny properly set up?
> > Is /etc/hosts.deny immediately active or must some service be
> > restarted to make it go? Does vsftpd bypass /etc/hosts.deny?
> >
> > Thanks!
> > Bill Watson
> > bill at magicdigits.com
> >
> >
> > _______________________________________________
> > rhn-users mailing list
> > rhn-users at redhat.com https://www.redhat.com/mailman/listinfo/rhn-users
>
>
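Added example, not part of the thread: a Python check that applies the hosts.deny rules Bill posted to the rhost values in his log lines, using the hosts_access(5) rule that a pattern ending in "." matches any address beginning with it. A denied host that still appears in authentication failures means the rules are not in effect for that service. The function names are hypothetical, and the rule handling is simplified to IPv4 literals, dotted prefixes and ALL, with an empty hosts.allow as in the thread.

```python
import re

# Sample data taken from the thread: Bill's hosts.deny and /var/log/messages lines.
HOSTS_DENY = """\
ALL: 219.106.229.178
ALL: 72.129.200.46
ALL: 200.38.
ALL: 64.182.
"""
LOG = """\
Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
"""

# Captures the daemon name and the remote host of a pam_unix failure line.
FAIL_RE = re.compile(r"\s(\w+)\(pam_unix\)\[\d+\]: authentication failure;.*\brhost=(\S+)")


def parse_rules(text):
    """Return [(daemon_list, client_list)] for each 'daemons : clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(":")
        if len(parts) >= 2:
            rules.append((re.split(r"[\s,]+", parts[0].strip()),
                          re.split(r"[\s,]+", parts[1].strip())))
    return rules


def client_matches(pattern, addr):
    """ALL matches everything; 'a.b.' is a prefix match; otherwise exact match."""
    if pattern == "ALL":
        return True
    return addr.startswith(pattern) if pattern.endswith(".") else addr == pattern


def denied(rules, daemon, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in rules)


def denied_but_seen(rules_text, log_text):
    """Count auth failures from hosts that the deny rules should have blocked."""
    rules, hits = parse_rules(rules_text), {}
    for daemon, rhost in FAIL_RE.findall(log_text):
        if denied(rules, daemon, rhost):
            hits[(daemon, rhost)] = hits.get((daemon, rhost), 0) + 1
    return hits
```

Calling `denied_but_seen(HOSTS_DENY, LOG)` reports 200.38.16.6 against vsftpd, so the rules themselves match the host that was still reaching the login prompt.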