[lug] hosts.deny not denying
Hugh Brown
hugh at math.byu.edu
Wed Jan 31 12:21:14 MST 2007
On Wed, 31 Jan 2007 gordongoldin at netscape.net wrote:
> Saw something scary with hosts.
>
> I configure servers in the office and then carry them out to the field.
> For security, I set hosts. like this: allow localhost, my VPN - 10..., and my environment.
> (A)
> /etc/hosts.deny
> ALL: ALL
> /etc/hosts.allow
> ALL: localhost, 10.10.10., 128.138.
> Every time I take a server out, I forget this, then get a message: "connection closed..."
>
> Then I add the local environment (10.146.), and I can get in:
> (B)
> /etc/hosts.deny
> ALL: ALL
> /etc/hosts.allow
> ALL: localhost, 10.10.10., 128.138., 10.146.
>
> This time, I re-used and upgraded the same server that was there before.
> And all the PCs could get to it.
> WITHOUT the new environment added..... see (A) above.
>
> I am going directly from FC3 to FC5 and have seen a couple little weirdnesses, like not being able to access a gateway.
> But all the other machines like this wouldn't respond until hosts.allow had the local environment.
>
> Here is ifconfig:
> eth0 Link encap:Ethernet HWaddr 00:0C:F1:AA:24:EF
> inet addr:10.146.130.250 Bcast:10.146.131.255 Mask:255.255.252.0
> inet6 addr: fe80::20c:f1ff:feaa:24ef/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:51939 errors:0 dropped:0 overruns:0 frame:0
> TX packets:14030 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:4644340 (4.4 MiB) TX bytes:3189579 (3.0 MiB)
> Base address:0xdf40 Memory:fcfe0000-fd000000
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:3162 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3162 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:2353612 (2.2 MiB) TX bytes:2353612 (2.2 MiB)
> tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:10.10.10.38 P-t-P:10.10.10.37 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:112 errors:0 dropped:0 overruns:0 frame:0
> TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:9830 (9.5 KiB) TX bytes:9952 (9.7 KiB)
I've had problems with tcp_wrappers when it was using the IPv6 address instead of the IPv4 one. Also, if the service isn't tcp_wrappers aware, then it obviously won't check /etc/hosts.*
Hugh
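
Added example, not part of the original thread and not tcp_wrappers code: a simplified Python model of the hosts_access(5) decision order (hosts.allow first, then hosts.deny, otherwise grant), run against configurations (A) and (B) from the quoted message. The daemon name `sshd`, the client addresses and the `uses_libwrap` flag are constructed assumptions; only `ALL`, exact names/addresses and trailing-dot address prefixes are modelled.

```python
import re

# Rule files as quoted in the thread.
DENY = "ALL: ALL"
ALLOW_A = "ALL: localhost, 10.10.10., 128.138."
ALLOW_B = "ALL: localhost, 10.10.10., 128.138., 10.146."

def parse_rules(text):
    """Parse 'daemon_list: client_list' lines; options after a second ':' are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def client_matches(pattern, addr, name=None):
    """Match one client pattern against the client's address text and optional host name."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # address prefix such as "10.146."
        return addr.startswith(pattern)
    candidates = {addr.lower()}
    if name:
        candidates.add(name.lower())
    return pattern.lower() in candidates

def rule_matches(rule, daemon, addr, name):
    daemons, clients = rule
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(client_matches(c, addr, name) for c in clients))

def decide(allow_text, deny_text, daemon, addr, name=None, uses_libwrap=True):
    """Return 'allow' or 'deny' for one connection attempt."""
    if not uses_libwrap:
        # A service that is not tcp_wrappers aware never reads either file.
        return "allow"
    if any(rule_matches(r, daemon, addr, name) for r in parse_rules(allow_text)):
        return "allow"
    if any(rule_matches(r, daemon, addr, name) for r in parse_rules(deny_text)):
        return "deny"
    return "allow"                         # no match in either file grants access

if __name__ == "__main__":
    for label, allow in (("A", ALLOW_A), ("B", ALLOW_B)):
        print(label, decide(allow, DENY, "sshd", "10.146.130.5"))
```

Under this model a 10.146. client is refused with (A), so a connection that succeeds anyway points at a service that never consults the files, and a client seen by its IPv6 address misses every IPv4 prefix pattern.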