On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> eg:
> /etc/hosts.allow:
> SENDMAIL: ALL
> #HTTPD: ALL
Apache doesn't usually use tcpwrappers. Even if it did, you have it
commented out. Doh!
As for sendmail, assuming it's compiled for tcpwrappers, you should
probably be using a
On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> i got a problem with /etc/hosts.allow & /etc/host.deny
> I got some rules there BUT i notice what ever i put it is ignored!!!
> the files are not effective
First of all, you haven't included hosts.deny. Unless you are
default-den
On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> i got a problem with /etc/hosts.allow & /etc/host.deny
> I got some rules there BUT i notice what ever i put it is ignored!!!
> the files are not effective
>
> Why is that??
>
> eg:
> /etc/hosts.allow:
> SENDMAIL: ALL
> #HTTPD:
On Wed, Sep 21, 2005 at 08:37:11PM -0500, garaged wrote:
> tcpwrappers is, IMO, a quite deprecated tool, firewalls are reliable
> and more adequate this days.
I'm going by the usual security advice to use multiple layers of security.
>
> To answer your question, if apache is started by xinetd, h
tcpwrappers is, IMO, a quite deprecated tool, firewalls are reliable
and more adequate this days.
To answer your question, if apache is started by xinetd, host.* files
are relevant, most distributions now dont bind apache to xinetd, i'm
not even sure if it's convenient, I would think that it is no
Hello
Stefan O'Rear (<[EMAIL PROTECTED]>) wrote:
> On Fri, Sep 24, 2004 at 10:46:27AM +0530, Nayyar Ahmed wrote:
>>
>> I want to add an ip address 203.128.5.100
>> to /etc/hosts.allow , please tel me wat will be the entry.??
>
> $ apropos hosts
> ...
> hosts_access (5) - format of host acces
On Fri, Sep 24, 2004 at 10:46:27AM +0530, Nayyar Ahmed wrote:
> Hello All,
>
> I want to add an ip address 203.128.5.100
> to /etc/hosts.allow , please tel me wat will be the entry.??
$ apropos hosts
...
hosts_access (5) - format of host access control files
...
$ man 5 hosts_access
Read it.
Well, now I know why ALL: ALL in hosts.deny stopped things.
It turns out that hosts.allow does not allow "ALL: my.ip.address" but is
happy with "ALL: 203.x.y.z" or even "ALL: 203.x.y." There is a note about
this regarding the portmapper but I had not realised that the portmapper
is involved.
T
On Mon, Aug 07, 2000 at 09:51:50AM -0400, Noah L. Meyerhans wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> These are by no means irrelevant to sshd, even if it is not run from
> inetd. Read the man page for sshd, in which you'll see that it can be
> build with direct support for tcp_wrappers. I
On Mon, Aug 07, 2000 at 04:05:19AM -0700, Eric G . Miller wrote:
> You're denying everyone and allowing no one. There's a good reason you
> can't connect ;). In /etc/hosts.allow, you could put:
no he is not, true there is nothing in hosts.allow, but all he has in
hosts.deny is ALL: PARANOID whic
-BEGIN PGP SIGNED MESSAGE-
These are by no means irrelevant to sshd, even if it is not run from
inetd. Read the man page for sshd, in which you'll see that it can be
build with direct support for tcp_wrappers. If it is (I don't know what
the configure options in the Debian build are, but
On Mon, Aug 07, 2000 at 09:48:13PM +0800, Lindsay Allen wrote:
>
> Hello world,
>
> I have a hosts_access problem.
>
> hosts.deny has the line
> ALL:ALL
>
> This stops me logging in with ssh. The problem is that if I put a line in
> hosts.allow like
> sshd: my.ip.address
> the rule does not
You're denying everyone and allowing no one. There's a good reason you
can't connect ;). In /etc/hosts.allow, you could put:
ALL: LOCAL
However, you shouldn't be running sshd from inetd -- it's too slow. If
you aren't running ssh from inetd, then you're problem is elsewhere.
Maybe check /etc/s
> Hi all,
>
> Like a good paranoid user, I protect my dial-up machine with both a
> firewall using ipchains, and also using tcp wrappers to add a further
> layer of security.
>
> Sometimes I find it convinient to scp things to my machine for the
> outside world, so I leave my ssh port open (I'm u
Sorry to reply to my own post...
I'm an idiot - it should have been sshd: ALL, not ssh: ALL. All fixed,
all by myself!
cheers,
damon
Quoth Damon Muller,
> Hi all,
>
> Like a good paranoid user, I protect my dial-up machine with both a
> firewall using ipchains, and also using tcp wrappers to
hi ya jon
check that your telnet daemon is called /usr/sbin/in.telnetd
grep -i telnetd /etc/inetd.conf
remember that hosts.allow is read before hosts.deny
so you can use positive or negative logic which ever file
you decide to use...
/etc/hosts.allow
#
# hosts.allow This
Jay Kelly wrote:
>
> Ok I have two qeustion for the group,
>
> 1) I am wanting to use the finger command in my hosts.allow file to see who
> has been in my system. Im using
> spawn (/usr/sbin/safe_finger -l @%h | /usr/ucb/mail root) but I dont receive
> any mail. Am I doing this right?
Sorry, ca
2) When I try to edit my hosts.allow file with ae, it will
not allow me to
make any changes. Im logged in as root I make the changes
then use ctrl x,
ctrl s to save but it doesnt take the command. All I get it
a x and s on the
screen. Any thoughts???
Got the answer ;-)
And youre right ofcourse
Regards,
Onno
At 03:15 PM 12/8/99 -0500, Jaldhar H. Vyas wrote:
>A plea to debian-user readers
>=
>
>Please, please, please if you are going to install things, especially from
>unstable, extra-especially if you rely u
At 01:28 PM 12/8/99 -0500, Jaldhar H. Vyas wrote:
[snip]
>Do you have an /etc/cram-md5.pwd file?
>Does it have actual usernames and passwords in it?
Do you have more info on this?
Regards,
Onno
>--
>Jaldhar H. Vyas <[EMAIL PROTECTED]>
>
>
>--
>Unsubscribe? mail -s unsubscribe [EMAIL PROTECT
On Wed, Dec 08, 1999 at 03:15:37PM -0500, Jaldhar H. Vyas wrote:
> A plea to debian-user readers
> =
>
> Please, please, please if you are going to install things, especially from
> unstable, extra-especially if you rely upon them for important things,
>
> READ THE FIN
A plea to debian-user readers
=
Please, please, please if you are going to install things, especially from
unstable, extra-especially if you rely upon them for important things,
READ THE FINE DOCUMENTATION which can be found in /usr/doc/ or
/usr/share/doc/ particularly
On Wed, 8 Dec 1999, Patrick Kirk wrote:
patric >The message could not be sent because one of the recipients
was rejected by the server. The rejected e-mail address was
'[EMAIL PROTECTED]'. Subject 'Unlimited surfing from BT',
Account: 'tele2', Server: '212.19.67.118', Protocol:
SMTP, Server R
Yes. Adding the usernames and passwords fixed things. What is this? Where
does it come from and do I need to manually update it?
Thanks for making the system work at least!
Patrick
On Tue, 7 Dec 1999, Patrick Kirk wrote:
> Hi all,
>
> In a misguided effort to loosen up the system,
> I edited hosts.allow to read All: All and commented
> out the All: PARANOID line in hosts.deny.
>
> Now the IMAP server no longer works...all attempts
> to pick up mail get refused. I see Net
hosts.allow reads ALL: ALL
hosts.deny reads #ALL: PARANOID
POP pickup works. POP cannot send - error message from a machine with OE reads:
The message could not be sent because one of the recipients was rejected by the
server. The rejected e-mail address was '[EMAIL PROTECTED]'. Subject 'Unlimi
On Wed, 8 Dec 1999, Patrick Kirk wrote:
patric >It reads imap2 stream tcp nowaitroot/usr/sbin/tcpd
/usr/sbin/imapd
does that binary exist ? check the daemon.log in /var/log to see whats
going on. when you telnet to the machine on port 143 something like this
should show:
[EM
[snip]>
> this would not affect IMAP in any way. If you get connection refused that
> means there is no service listening on that port. check your inetd.conf
> if you get a connection and then it closes, then inetd is listening but
> there still may not be a service there, or tcp_wrappers is not
On Tue, 7 Dec 1999, Patrick Kirk wrote:
patric >In a misguided effort to loosen up the system,
patric >I edited hosts.allow to read All: All and commented
patric >out the All: PARANOID line in hosts.deny.
this would not affect IMAP in any way. If you get connection refused that
means there is no
Alexander Kushnirenko <[EMAIL PROTECTED]> writes:
> > I'm actually using the IP firewall code in Linux 2.2.0-pre5 to provide
> > most of the protection to my system. My ipchains rules are as follows
> > (actually saved in /etc/ipchains.save and read by ipchains-restore in
> > /etc/init.d/netwo
Hi, Carey!
Thanks for your detailed answers,
[snip]
> DNS names and DNS servers being down, so, for example, I have a line:
> ALL : 127.0.0.1 192.168.117. : ALLOW
Good point, I switched to them.
[snip]
> I'm actually using the IP firewall code in Linux 2.2.0-pre5 to provide
> most of the protec
Alexander Kushnirenko <[EMAIL PROTECTED]> writes:
[snip]
> 1. Does it have some striking errors? I bet I forgot some service...
I prefer to put the denies in /etc/hosts.allow as well; something
like:
ALL : ALL : DENY
at the end, to catch anything not explicitly allowed.
I also prefer to use
-> > Thanks for the comments, But would wrapping Apache do any good? AFAIK
-> > wrapping works only when daemon starts and Apache is sort of always on?
->
-> I would not suggest running a web server from inetd. If the web server
-> persists after the first connection, that is fine, but you are
On Thu, Jan 07, 1999 at 04:56:32PM -0600, Alexander Kushnirenko wrote:
> Hi,
>
> Thanks for the comments, But would wrapping Apache do any good? AFAIK
> wrapping works only when daemon starts and Apache is sort of always on?
I would not suggest running a web server from inetd. If the web serve
Hi,
Thanks for the comments, But would wrapping Apache do any good? AFAIK
wrapping works only when daemon starts and Apache is sort of always on?
Sasha.
> On Thu, Jan 07, 1999 at 05:39:30PM -0500, Shaleh wrote:
> > > Questions:
> > > 1. Does it have some striking errors? I bet I forgot some s
On Thu, Jan 07, 1999 at 05:39:30PM -0500, Shaleh wrote:
> > Questions:
> > 1. Does it have some striking errors? I bet I forgot some service...
>
> Looks sane. Be aware that hosts.allow only covers inetd started daemons. So
> if you run apache as a stand alone daemon you have to config it separ
> Questions:
> 1. Does it have some striking errors? I bet I forgot some service...
Looks sane. Be aware that hosts.allow only covers inetd started daemons. So
if you run apache as a stand alone daemon you have to config it separately.
37 matches
Mail list logo
