[rhn-users] I need help with hosts.deny - doesn't work as I expected

simon elliston ball sball at cromwells.co.uk
Wed Mar 29 08:53:35 UTC 2006


On the subject of deny.hosts and persistent automated hacking, we've
found http://denyhosts.sourceforge.net/ very useful. It automates
entries in hosts.deny by parsing logs to detect dictionary attacks on
ssh etc.

simon


On Tue, 2006-03-28 at 10:52 -0800, Bill Watson wrote:
> I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny that
> has:
> 
> ALL: 219.106.229.178
> ALL: 72.129.200.46
> ALL: 200.38.
> ALL: 64.182.
> 
> From my readings, I should not be getting any messages from 200.38.x.x, yet
> my /var/log/messages shows:
> Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
> Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> 
> And keeps going with a new entry every few seconds.
> 
> Is /etc/hosts.deny properly set up?
> Is /etc/hosts.deny immediately active or must some service be restarted to
> make it go?
> Does vsftpd bypass /etc/hosts.deny?
> 
> Thanks!
> Bill Watson
> bill at magicdigits.com
> 
> 
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
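
The log-parsing approach mentioned in the reply above, as an added example that is not part of the original thread and is not DenyHosts' own code: it counts pam_unix authentication failures per source address in the log format quoted in the thread and returns `ALL:` lines suitable for hosts.deny. The function names, the threshold of 3 and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Match the full pam_unix field order quoted in the thread, so text appearing
# later in the line (for example a user name) cannot supply a fake rhost= value.
FAILURE_RE = re.compile(
    r"\(pam_unix\)\[\d+\]: authentication failure; "
    r"logname=\S* uid=\d+ euid=\d+ tty=\S* ruser=\S* rhost=(\S+)"
)

def is_covered(addr, deny_patterns):
    """True if addr matches an existing hosts.deny pattern: an exact
    address or a trailing-dot prefix such as '200.38.'."""
    return any(addr == p or (p.endswith(".") and addr.startswith(p))
               for p in deny_patterns)

def new_deny_entries(log_lines, deny_patterns=(), threshold=3):
    """Return sorted 'ALL: <ip>' lines for sources with at least `threshold`
    failures that are not already covered by deny_patterns."""
    failures = Counter()
    for line in log_lines:
        m = FAILURE_RE.search(line)
        if not m:
            continue
        try:
            # Accept literal IP addresses only; rhost may be a hostname,
            # which is not written to hosts.deny here.
            addr = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
        failures[addr] += 1
    return sorted(f"ALL: {ip}" for ip, n in failures.items()
                  if n >= threshold and not is_covered(ip, deny_patterns))

# Constructed sample input (documentation address ranges), not real log data.
_FMT = ("Mar 28 10:50:{sec:02d} host1 {svc}(pam_unix)[23790]: authentication "
        "failure; logname= uid=0 euid=0 tty= ruser= rhost={rhost}")
SAMPLE_LOG = (
    [_FMT.format(sec=s, svc="vsftpd", rhost="203.0.113.6") for s in (36, 40, 44)]
    + [_FMT.format(sec=s, svc="vsftpd", rhost="192.0.2.77") for s in (37, 41, 45)]
    + [_FMT.format(sec=s, svc="sshd", rhost="scanner.example.net") for s in (38, 42, 46)]
    + [_FMT.format(sec=50, svc="sshd", rhost="198.51.100.20"),
       "Mar 28 10:50:36 host1 vsftpd(pam_unix)[23790]: check pass; user unknown"]
)

if __name__ == "__main__":
    print("\n".join(new_deny_entries(SAMPLE_LOG, deny_patterns=["192.0.2."])))
```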



