[rhn-users] I need help with hosts.deny - doesn't work as I expected

Kvetch kvetch at gmail.com
Thu Mar 30 13:47:58 UTC 2006


No, you shouldn't need to restart any service that is compiled to use
wrappers if you make a wrapper change.  I only told him to restart because I
thought either
--- vsftpd didn't have the tcp_wrappers=yes in the conf when it was started
and the option needed to be picked up.
--- the user trying to log into his box was actually logged in and had an
established connection
--- I thought it could have been a possibility that the user trying to log
into his box was pounding him with enough login attempts that he basically
had an open established connection and needed to be disconnected so he can't
reconnect.

Nick Baronian

On 3/29/06, x6d696168 . <x6d696168 at gmail.com> wrote:
>
> You need to restart vsftpd?  This is why iptables is better =)  I can only
> imagine a really busy ftpd getting restarted, booting users, because
> hosts.deny was updated.. then again really busy ftp sites are probably not
> using tcpwrappers for security ;)
>
> -miah
>
>
> On 3/29/06, Bill Watson <bill at magicdigits.com> wrote:
> >
> > To all who helped me, thank you!!! This denyhosts offering is
> > interesting,
> > but I have already restricted my ssh to about 4 IP addresses. The tool
> > doesn't focus elsewhere.
> >
> > The magic appears to be the unsuspected need to restart vsftpd to get
> > the
> > new hosts.deny values.
> >
> > Bill Watson
> > bill at magicdigits.com
> >
> > -----Original Message-----
> > From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> > On
> > Behalf Of simon elliston ball
> > Sent: Wednesday, March 29, 2006 12:54 AM
> > To: Red Hat Network Users List
> > > Subject: Re: [rhn-users] I need help with hosts.deny - doesn't work as I expected
> >
> >
> > On the subject of deny.hosts and persistent automated hacking, we've
> > found
> > http://denyhosts.sourceforge.net/ very useful. It automates entries in
> > hosts.deny by parsing logs to detect dictionary attacks on ssh etc.
> >
> > simon
> >
> >
> > On Tue, 2006-03-28 at 10:52 -0800, Bill Watson wrote:
> > > I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny
> > > that
> > > has:
> > >
> > > ALL: 219.106.229.178
> > > ALL: 72.129.200.46
> > > ALL: 200.38.
> > > ALL: 64.182.
> > >
> > > > From my readings, I should not be getting any messages from 200.38.x.x, yet
> > > > my /var/log/messages shows:
> > > > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
> > > > Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > > > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass; user unknown
> > > > Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> > >
> > > And keeps going with a new entry every few seconds.
> > >
> > > Is /etc/hosts.deny properly set up?
> > > Is /etc/hosts.deny immediately active or must some service be
> > > restarted to make it go? Does vsftpd bypass /etc/hosts.deny?
> > >
> > > Thanks!
> > > Bill Watson
> > > bill at magicdigits.com
> > >
> > >
> > > _______________________________________________
> > > rhn-users mailing list
> > > rhn-users at redhat.com https://www.redhat.com/mailman/listinfo/rhn-users
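Added example, not part of the thread: a minimal POSIX shell model of the two conditions discussed above, namely whether the posted hosts.deny rules cover the client for the vsftpd daemon, and whether vsftpd.conf sets tcp_wrappers so that those rules are consulted at all. The function names and sample files are constructed for illustration, and only ALL, exact addresses and trailing-dot address prefixes are handled.

```shell
#!/bin/sh
# Added example: models only the rule forms seen in this thread
# ("daemon_list: client_list" with ALL, exact IPs, trailing-dot prefixes).

# wrappers_enabled CONF: succeed if vsftpd.conf turns on tcp_wrappers.
# Assumption: the value is YES in any letter case, and the last setting wins.
wrappers_enabled() {
    val=$(sed -n 's/^tcp_wrappers=//p' "$1" | tail -n 1 | tr 'a-z' 'A-Z')
    [ "$val" = "YES" ]
}

# rule_matches FILE DAEMON IP: succeed if a rule in FILE covers DAEMON and IP.
rule_matches() {
    while IFS=: read -r daemons clients _; do
        case $daemons in ''|'#'*) continue ;; esac
        d_ok=no
        for d in $(echo "$daemons" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$2" ]; then d_ok=yes; fi
        done
        [ "$d_ok" = yes ] || continue
        for c in $(echo "$clients" | tr ',' ' '); do
            case $c in
                ALL) return 0 ;;
                *.)  case $3 in "$c"*) return 0 ;; esac ;;  # address prefix
                *)   if [ "$c" = "$3" ]; then return 0; fi ;;
            esac
        done
    done < "$1"
    return 1
}

# access_decision ALLOW DENY DAEMON IP: prints granted or denied, checking
# hosts.allow first, then hosts.deny, and granting when neither matches.
access_decision() {
    if rule_matches "$1" "$3" "$4"; then echo granted
    elif rule_matches "$2" "$3" "$4"; then echo denied
    else echo granted
    fi
}

# Constructed sample files mirroring the thread (empty hosts.allow).
demo_dir=$(mktemp -d)
: > "$demo_dir/hosts.allow"
printf 'ALL: 219.106.229.178\nALL: 72.129.200.46\nALL: 200.38.\nALL: 64.182.\n' > "$demo_dir/hosts.deny"
printf 'listen=YES\n' > "$demo_dir/vsftpd.conf"   # constructed: no tcp_wrappers line
echo "wrappers verdict: $(access_decision "$demo_dir/hosts.allow" "$demo_dir/hosts.deny" vsftpd 200.38.16.6)"
if wrappers_enabled "$demo_dir/vsftpd.conf"; then echo "vsftpd consults wrappers"
else echo "vsftpd never consults hosts.deny: tcp_wrappers is not YES"; fi
rm -rf "$demo_dir"
```

With the posted rules the verdict for 200.38.16.6 is a denial, so continued login attempts in the log point at the daemon not consulting the wrappers files rather than at the rule syntax.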