05-10-2007, 03:00 PM   #1
pdown85 (LQ Newbie; registered Dec 2006; Surrey, UK; distribution CentOS 4.5; 26 posts)

Problem using hosts.allow with vsftpd


OS: Linux CentOS 4.4 (2.6.9-42.0.10.EL)

Two issues. First more significant, the second an inconvenience more than anything.

1. VSFTPD rule and logging problem

I am seeking to use hosts.allow to allow/deny some application accesses to my Linux box, to reduce the hits on sshd for a start: one evening >3600 in a 3hr period from a single remote IP address (I use public key authentication, so trying to get in on user/password is a bit of a waste of time), but in an effort to reduce those hits I am using hosts.allow/deny.

However, I have encountered a funny when trying to log attempted accesses to vsftpd.

Starting with something that is working flawlessly, here are the lines for sshd:

Code:
# /etc/hosts.allow: log and mail every sshd connection decision.
# Clients that are LOCAL, whose address starts with 123.123., or whose
# name ends in .some-domain.com are allowed; the spawned pipeline is
# backgrounded (&) so mail delivery does not hold up the decision.
sshd: LOCAL  \
123.123. .some-domain.com \
    : spawn ( /bin/echo "`/bin/date` access GRANTED [process %d, server %H, address %a, client %h, info %c, username %u]" | \
    tee -a /tmp/log/my-hosts-allow-allow-rule.log | \
    /bin/mail -s "hosts.allow (sshd\:SELECTIVE) GRANTED rule triggered" name@valid-address ) & \
    : allow

# catch all other attempts, deny access and log attempt
sshd: ALL \
    : spawn ( /bin/echo "`/bin/date` access DENIED [process %d, server %H, address %a, client %h, info %c, username %u]" | \
    tee -a /tmp/log/my-hosts-allow-deny-rule.log | \
    /bin/mail -s "hosts.allow (sshd\:SELECTIVE) DENIED rule triggered" name@valid-address ) & \
    : deny
Both of these work perfectly, logging the results to file and emailing the logs. The match on 123.123. (my office IP/domain) works.

Now for vsftpd:

Code:
vsftpd: ALL \
    : allow
This works perfectly; my SmartFTP client from an office PC logs straight in as expected.
But I want to log attempts to access vsftpd, so now the issue. I try:

Code:
# Same logging pipeline as the working sshd rule, with 192.168. added for
# the LAN. Note that %u makes libwrap ask the client for an RFC 931 (ident)
# reply and wait for it, or for the lookup to time out, before the spawn
# command runs.
vsftpd: LOCAL 192.168. \
123.123. .some-domain.com \
    : spawn ( /bin/echo "`/bin/date` access GRANTED [process %d, server %H, address %a, client %h, info %c, username %u]" | \
    tee -a /tmp/log/my-hosts-allow-allow-rule.log | \
    /bin/mail -s "hosts.allow (vsftpd\:SELECTIVE) GRANTED rule triggered" name@valid-address ) & \
    : allow
These lines write out an "access GRANTED" line to the tee'd log file and even successfully send the email of the log file (saying access is granted!), all as expected - but SmartFTP actually fails to log on: it times out, retries, times out again, repeating until the retry limit is reached. Access is blocked. Remove the logging lines again ... and SmartFTP gets straight in as before.
What is happening here? The sshd rule(s) prove the (same) logging and emailing lines work fine, and the vsftpd: ALL test rule shows SmartFTP can log on fine from the office PC. So why is the addition of the logging/emailing lines to the vsftpd rule causing the FTP logon to fail?

I have noticed that for the sshd allow/deny rule the log file is written with permissions 0644.
When the vsftpd logging rule variant is applied the log file is written with permissions 0600. I cannot see why.

What is different about vsftpd? Is there something in the vsftpd configuration I am not setting?
Any suggestions welcome.

2) Second point, although not so much as an issue

Regarding the line:

Code:
123.123. .some-domain.com \
I find if I use:

Code:
123.123. \
I get access with this fine.

But if I use:

Code:
.some-domain.com \
I do not get a match and fail to log on.
So the match in the first line is because of the IP address matching and not the domain name. Why? I should get access matching in a rule for either IP or domain name (where I have double-checked both are valid), or am I misunderstanding something?

If you've read this far ... apologies for being rather long-winded!
TIA.
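The second point in the post turns on how tcp_wrappers resolves a client before a leading-dot pattern such as `.some-domain.com` can match. Per hosts_access(5), libwrap does a reverse (PTR) lookup of the client address and then a forward lookup of the returned name; if the PTR is missing, or the forward lookup does not give back the original address, the client name is treated as "unknown" and only address patterns like `123.123.` can match. The model below is an added example, not code from the original post: it reproduces that matching logic for the client-list forms used in the post (ALL, LOCAL, KNOWN/UNKNOWN, address prefix, domain suffix, exact name/address) against a constructed, hypothetical DNS table, so it runs offline. The addresses, the `.isp.example` name and the assumption that one PTR disagrees with its forward record are all inventions for illustration; whether the poster's own PTR record is at fault is not something the post establishes.

```python
# Added example (not from the original post): a model of hosts_access(5)
# client-list matching, including the reverse-then-forward name check that
# decides whether a ".domain" pattern can ever match.

UNKNOWN = "unknown"

# Constructed reverse (PTR) data: client address -> name the PTR returns.
# All names and addresses here are hypothetical.
PTR = {
    "123.123.1.10": "gw.some-domain.com",   # PTR and forward lookup agree
    "123.123.1.11": "nat-11.isp.example",   # PTR names the ISP, not some-domain.com
    "123.123.1.12": "gw.some-domain.com",   # PTR claims the domain, forward disagrees
    # 123.123.1.13 deliberately has no PTR record
}

# Constructed forward (A) data: name -> addresses it resolves to.
FORWARD = {
    "gw.some-domain.com": ["123.123.1.10"],
    "nat-11.isp.example": ["123.123.1.11"],
}


def client_hostname(addr):
    """Return the client name libwrap would use, or "unknown".

    libwrap resolves the address to a name and then resolves that name back;
    if the PTR is missing, or the forward lookup does not contain the original
    address (libwrap logs this as a host name/address mismatch), the name is
    treated as unknown and only address patterns can match.
    """
    name = PTR.get(addr)
    if name is None:
        return UNKNOWN
    if addr not in FORWARD.get(name, []):
        return UNKNOWN
    return name


def pattern_matches(pattern, addr, host):
    """Evaluate one hosts_access(5) client pattern against a resolved client."""
    if pattern == "ALL":
        return True
    if pattern == "KNOWN":
        return host != UNKNOWN
    if pattern == "UNKNOWN":
        return host == UNKNOWN
    if pattern == "LOCAL":                      # a known name with no dot in it
        return host != UNKNOWN and "." not in host
    if pattern.startswith("."):                 # domain suffix: needs a known name
        return host != UNKNOWN and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):                   # address prefix: needs no DNS at all
        return addr.startswith(pattern)
    # exact address or exact host name
    return pattern == addr or (host != UNKNOWN and pattern.lower() == host.lower())


def first_match(client_list, addr):
    """Return the first pattern of a space-separated client list that matches
    the client, or None; this is what decides whether a rule fires."""
    host = client_hostname(addr)
    for pattern in client_list.split():
        if pattern_matches(pattern, addr, host):
            return pattern
    return None


def explain(client_list, addr):
    """One-line summary of the lookup result and the pattern that fired."""
    host = client_hostname(addr)
    hit = first_match(client_list, addr)
    verdict = "matched %r" % hit if hit else "no match"
    return "%s (name %s): %s" % (addr, host, verdict)


if __name__ == "__main__":
    rule = "LOCAL 192.168. 123.123. .some-domain.com"
    for a in ("123.123.1.10", "123.123.1.11", "123.123.1.12", "123.123.1.13"):
        print(explain(rule, a))
        print(explain(".some-domain.com", a))
```

In the model, only the client whose PTR and forward record agree matches `.some-domain.com`; every other client still matches the combined rule, but purely through the `123.123.` prefix, which is the behaviour the post describes. On the real box the same question can be put to libwrap itself with `tcpdmatch vsftpd <client-address>` from the tcp_wrappers package, which prints the name it resolved and the rule that fires, and any reverse/forward mismatch shows up as a warning in the syslog facility libwrap logs to.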
 
  

