Old 03-31-2004, 07:58 PM   #1
lexton
LQ Newbie
 
Registered: Mar 2004
Posts: 3

Rep: Reputation: 0
deny.hosts does not work in blocking anything


Hi All,

I'm running Fedora Red Hat and I'm trying to test my hosts.deny file.

I've opened up a connection on port 143 with this command for netcat:

nc -p 143 -l

This creates a pseudo server that I then try to connect to from a remote host.

Now I have set hosts.deny to --> ALL : ALL

and hosts.allow to --> ALL: LOCAL

However, every time I try to connect to port 143 it lets me log in when it should be denying me access?

I thought Fedora would have support for hosts.deny even on a basic install? What is wrong here?
 
Old 04-06-2004, 02:37 AM   #2
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
The hosts.allow and hosts.deny files are part of the tcpwrappers system.
To be able to use this kind of control, the server needs to be compiled with tcpwrapper support.
Some server functions are ready to run with tcpwrappers, while others need to be recompiled, or you just replace the command line that runs the server, usually in /etc/xinetd.conf or /etc/xinetd.d/.
 
Old 04-06-2004, 04:15 AM   #3
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
What about sendmail?
 
Old 04-06-2004, 07:00 AM   #4
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
Scissored out from http://www.cert.org/security-improve...s/i041.07.html
Quote:
All servers cannot be protected by tcpd due to the specific details of the network protocols and the different services:

* tcpd is designed to be started with each new connection in order to log the connections. Servers such as sendmail that have a high overhead are typically started once to reduce startup overhead; therefore they are not easily managed by tcpd which only logs the first connection.
* tcpd can only protect servers that use TCP (transmission control protocol) and UDP (user datagram protocol).
* Some servers use both TCP and RPC (remote procedure call) protocols. These cannot be protected by tcp wrapper. These servers specify the protocols as rpc/tcp in the third field of inetd.conf (4).
* Only servers that operate on one connection at a time can be protected. (Note that there may be multiple instances of such server processes at any given time, but each instance is only activated for exactly one connection and terminates upon completion. This is different from having one instance handle multiple incoming connections.) Other servers stay active after finishing the initiating connection waiting for other connection requests. Such servers can be recognized by the flag "wait" in the fourth field of inetd.conf.
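
The criteria quoted in post #4, applied to inetd.conf entries. This is an added example, not part of the thread or of the CERT document; the sample entries and the function names `classify` and `audit` are constructed for illustration.

```python
"""Added example: audit inetd.conf lines against the criteria quoted above."""

WRAPPED = "wrapped: started through tcpd, hosts.allow/hosts.deny are consulted"
# An unwrapped server is covered only if it was itself built with
# tcp wrapper support (post #2); this file alone cannot show that.
UNWRAPPED = "unwrapped: not started through tcpd"
RPC = "not protectable by tcpd: RPC protocol in field 3"
WAIT = "not protectable by tcpd: 'wait' flag in field 4"

# Constructed sample (not from the thread). Field order:
# service  socket  protocol  wait-flag  user  server-path  arguments
SAMPLE_INETD_CONF = """\
imap    stream  tcp      nowait  root  /usr/sbin/tcpd     imapd
ftp     stream  tcp      nowait  root  /usr/sbin/in.ftpd  in.ftpd -l
tftp    dgram   udp      wait    root  /usr/sbin/tcpd     in.tftpd
rstatd  dgram   rpc/udp  wait    root  /usr/sbin/tcpd     rpc.rstatd
# a comment line, skipped
"""


def classify(line):
    """Return (service, verdict) for one line, or None for blanks and comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = line.split()
    if len(fields) < 6:
        return (fields[0], "malformed: fewer than 6 fields")
    service, _socket, protocol, wait_flag, _user, server = fields[:6]
    if protocol.startswith("rpc/"):
        return (service, RPC)
    # Some inetd variants append a rate limit, e.g. "nowait.400".
    if wait_flag.split(".")[0] == "wait":
        return (service, WAIT)
    if server.rsplit("/", 1)[-1] != "tcpd":
        return (service, UNWRAPPED)
    return (service, WRAPPED)


def audit(text):
    """Classify every entry in an inetd.conf-style text."""
    return [r for r in map(classify, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for service, verdict in audit(SAMPLE_INETD_CONF):
        print(f"{service:8} {verdict}")
```

A listener started by hand, like the nc command in the first post, never appears in such a file and is not started through tcpd.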
 
Old 04-06-2004, 08:45 AM   #5
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 48
Quote:
Now I have set hosts.deny to --> ALL : ALL
try this......
DENY:ALL(ALL)
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration