On Thu, Aug 19, 2021 at 04:25:34PM +, Andy Smith
wrote:
> Hello,
>
> On Tue, Aug 17, 2021 at 11:17:05AM +1000, raf wrote:
> > I just noticed many many sshd segfaults listed in
> > /var/log/kern.log. There are two versions. They look
> > like this:
> >
> > sshd[1086]: segfault at 7fff615e
Hello,
On Tue, Aug 17, 2021 at 11:17:05AM +1000, raf wrote:
> I just noticed many many sshd segfaults listed in
> /var/log/kern.log. There are two versions. They look
> like this:
>
> sshd[1086]: segfault at 7fff615eaec8 ip
> 7ff2a586f42f sp 7fff615eaed0 error 6 in
> libwrap.so.0.7.
7f18d4f5dac7 sp 7ffcd3ff6ed0 error 6 in
libc-2.31.so[7f18d4f2a000+14b000]
The hex addresses are different each time, but the rest
is the same.
It happens every time there's an incoming ssh
connection attempt via IPv6 when the IPv6 address isn't
listed in /ertc/hosts.allow. Ther
Has anything relating to those files changed between jessie and stretch
to affect cups being blocked?
Would a line in the allow file ALL: localhost:631 help or is the syntax
incorrect?
0.1":
(...)
>> Connection:127.0.0.1 via TCP/IP ...
>> TCP port:3306
>> ...
>>
>> Hope that clears it up a bit.
>>
>> It might be possible to disable the socket connection in the MySQL
>> config, but I haven't looked into that
...
Connection:127.0.0.1 via TCP/IP
...
TCP port:3306
...
--
Hope that clears it up a bit.
It might be possible to disable the socket connection in the MySQL
config, but I haven't looked into that.
Ok - many thanks guys for reply
This explain first part of problem - my faul
On 10/07/12 17:29, Camaleón wrote:
On Tue, 10 Jul 2012 18:09:42 +0200, Zdenek Herman wrote:
On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote: (please, reply
at the bottom)
Dne 9.7.2012 16:52, Camaleón napsal(a):
(...)
I don't know why does not work for you. Take a look into this art
On Tue, 10 Jul 2012 18:09:42 +0200, Zdenek Herman wrote:
> On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote: (please, reply
> at the bottom)
>>> Dne 9.7.2012 16:52, Camaleón napsal(a):
(...)
>> I don't know why does not work for you. Take a look into this article
>> that shows a few sampl
On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote: (please, reply
at the bottom)
Dne 9.7.2012 16:52, Camaleón napsal(a):
On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:
(...)
When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
connect to MySQL from anywhere
On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote:
(please, reply at the bottom)
> Dne 9.7.2012 16:52, Camaleón napsal(a):
>> On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:
>>
>> (...)
>>
>>> When I set hosts.deny ALL: ALL and hosts.allow
ked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h
[%a] >> /var/log/tcp_wrapper/%d.log ) &
My hosts.allow
# /etc/hosts.allow: list
his to ensure any programs that don't
> # validate looked up hostnames still leave understandable logs. In past
> # versions of Debian this has been the default.
> # ALL: PARANOID
> ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h
> [%a] >>
n the default.
# ALL: PARANOID
ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from
%u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &
My hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages h
On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:
(...)
> When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
> connect to MySQL from anywhere - settings in hosts.allow and hosts.deny
> are ignored.
(...)
I wonder if you aren't just missing the daemon to
Hello
I have problem with MySQL and control access by TCP wrapper in Debian
Squeeze.
MySQL is compiled correctly with libwrap library:
ldd /usr/sbin/mysqld | grep libwrap
libwrap.so.0 => /lib/libwrap.so.0 (0x7f145d28d000)
When I set hosts.deny ALL: ALL and hosts.allow is empty.
I
Hello Clive
Thanks for pointing me to to ipcalc,
I noticed smb.conf has a commented entry for 127.0.0.0/8
This would cover the whole local subnet:
HostMin: 127.0.0.1
HostMax: 127.255.255.254
Does it make sense to cover more than 127.0.0.1 and 127.0.1.1 in
/etc/hosts.allow ?
I don&#
l smb.conf entries + daemon mode.
The server is behind a router/firewall, it should be safe as it is.
On 26.04.2012 12:54, shawn wilson wrote:
Juan is correct. However my two cents - don't rely on hosts.allow and
hosts.deny for anything. Just use iptables rules to do this type of thing.
A
Hi Tuxoholic,
[...]
> With this smb.conf tweaking it works fine, but why could smbd/nmbd run past
> /etc/hosts.allow and /etc/hosts.deny without those lines in smb.conf?
Already answered by Juan Sierra Pons.
> To my limited CIDR understandig a /32 mask should restrict
Juan is correct. However my two cents - don't rely on hosts.allow and
hosts.deny for anything. Just use iptables rules to do this type of thing.
Also, most don't consider samba to be a very secure service (last CVE was
only a few weeks ago) so be very careful with this service.
On Apr
10 MYSERVER
>
> cat /etc/hosts.allow
> #ALL: localhost 127.0.1.1 192.168.2.0/24
> ALL: localhost 127.0.1.1 192.168.2.0/32
>
> /etc/hosts.deny
> ALL: ALL
>
> With this ruleset in place nmbd broadcasts still pull through and cifs mounts
> are still possible, whereas ssh/rsh
hi list
Can somebody explain why smbd and nmbd are not affected by the following
strict ruleset in /etc/hosts* ?
/etc/hosts
127.0.0.1 MYHOSTNAME localhost.localdomain localhost
127.0.1.1 MYHOSTNAME
192.168.2.10MYSERVER
cat /etc/hosts.allow
#ALL: localhost 127.0.1.1 192.168.2.0
it can be used.
> Which config. that i correct ?
> ( If i want to only allow from my LAN ( 192.168.2.x netmask 255.255.255.0 )
It is the *daemon* that you wish to wrap that is the first argument in
hosts.[allow,deny] - in this case mysqld. Your network/netmask looks
fine. 'm
mysqld in hosts.allow / hosts.deny ?
===
Now, Can i use tcpwrapper with mysql on debian ?
If it can be used.
Which config. that i correct ?
( If i want to only allow from my LAN ( 192.168.2.x netmask 255.255.255.0 )
1.
hosts.allow
#
mysqld: 192.168.2.0
David;
I asked one of the senior admins here about this as much for me as you.
First the application's daemon (bacula-fd) needs to be compiled with
tcpwrapper so it will look at hosts.allow file.
Second the host or IP range you are 'allowing' must be know. Unlike, ftp,
httpd, e
Hi, I want to allow one port number from one machine in my client machine hosts.allow file how do i do that. I am running bacula backup for this i need allow 9102 port in bacula client machine hosts.allow file thanks
To help you stay safe and secure online, we've developed th
On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> eg:
> /etc/hosts.allow:
> SENDMAIL: ALL
> #HTTPD: ALL
Apache doesn't usually use tcpwrappers. Even if it did, you have it
commented out. Doh!
As for sendmail, assuming it's compiled for tcpwrappers, you shou
On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> i got a problem with /etc/hosts.allow & /etc/host.deny
> I got some rules there BUT i notice what ever i put it is ignored!!!
> the files are not effective
First of all, you haven't included hosts.deny. Unle
On Thu, Nov 03, 2005 at 12:42:14PM +0200, Meni Shapiro wrote:
> i got a problem with /etc/hosts.allow & /etc/host.deny
> I got some rules there BUT i notice what ever i put it is ignored!!!
> the files are not effective
>
> Why is that??
>
> eg:
> /etc/hosts.all
i got a problem with /etc/hosts.allow & /etc/host.deny
I got some rules there BUT i notice what ever i put it is ignored!!!
the files are not effective
Why is that??
eg:
/etc/hosts.allow:
SENDMAIL: ALL
#HTTPD: ALL
and still i can connect via web (port 80)
-- --Meni Szapiro
On Wed, Sep 21, 2005 at 08:37:11PM -0500, garaged wrote:
> tcpwrappers is, IMO, a quite deprecated tool, firewalls are reliable
> and more adequate this days.
I'm going by the usual security advice to use multiple layers of security.
>
> To answer your question, if apache is started by xinetd, h
tcpwrappers is, IMO, a quite deprecated tool, firewalls are reliable
and more adequate this days.
To answer your question, if apache is started by xinetd, host.* files
are relevant, most distributions now dont bind apache to xinetd, i'm
not even sure if it's convenient, I would think that it is no
Are the hosts.{allow,deny} files relevant to Apache2? If so, what
service name should I use?
More generally, how do I find the answer to this question for an
arbitrary program or service.
READ.Debian for Apache2 doesn't mention tcpwrappers, and the Debian
reference doesn't list these files as re
I don't use DNS at home, I only have a few machines.
I just use a.b.c.0/255.255.255.0 in /etc/exports and
/etc/hosts.allow to setup NFS exports.
Now I have wireless, as well as wired subnets.
Can I define a group that includes both subnets and use a
single entry for both in hosts.allo
Hello
Stefan O'Rear (<[EMAIL PROTECTED]>) wrote:
> On Fri, Sep 24, 2004 at 10:46:27AM +0530, Nayyar Ahmed wrote:
>>
>> I want to add an ip address 203.128.5.100
>> to /etc/hosts.allow , please tel me wat will be the entry.??
>
> $ apropos hosts
> ..
On Fri, Sep 24, 2004 at 10:46:27AM +0530, Nayyar Ahmed wrote:
> Hello All,
>
> I want to add an ip address 203.128.5.100
> to /etc/hosts.allow , please tel me wat will be the entry.??
$ apropos hosts
...
hosts_access (5) - format of host access control files
...
$ man 5 hosts_acc
Hello All,
I want to add an ip address 203.128.5.100
to /etc/hosts.allow , please tel me wat will be the entry.??
TIA.
--
Nayyar Ahmad
Lecturer
Faculty Of Computer Science,
Institute Of Management Sciences,
Hayat Abad Peshawar , Pakistan.
Office : 92-091-9217404 , 9217452
Cell : 92-0333
On Thu, 7 Nov 2002, Benedict Verheyen wrote:
> Hi,
>
> i have some problems setting up ssh connection (not the scope of this email though
>not yet :-) and i came across the /etc/hosts.allow & /etc/hosts.deny files.
>
> Now, i saw in some documents about ssh that they
On Thu, Nov 07, 2002 at 12:18:09PM +, Benedict Verheyen wrote:
> Now, i saw in some documents about ssh that they add "sshd: all" to the
> /etc/hosts.allow file. Am i correct that these 2 files are only used
> when you have inetd enabled and that they otherwise serve no
Hi,
i have some problems setting up ssh connection (not the scope of this email though not
yet :-) and i came across the /etc/hosts.allow & /etc/hosts.deny files.
Now, i saw in some documents about ssh that they add "sshd: all" to the
/etc/hosts.allow file. Am i correct that the
> The server needs the following daemons running:
> portmap, nfs-common, nfs-server
> The client needs portmap and nfs-common
>
> My question is, can you mount the nfs share remotely
> when the entry in /etc/hosts.deny is removed, and in /etc/hosts.allow you
> put "ALL:
mount the nfs share remotely
when the entry in /etc/hosts.deny is removed, and in /etc/hosts.allow you put
"ALL: ALL"?
I would suggest using ipchains to block nfs and rpc from the outside, like
this, where 192.168.1.1 is your machines **external** interface (i.e., the
one connected to
> I'm too lame to find out how to re-start portmap. And rebooting didn't fix
> it.
/etc/init.d/portmap restart
mek
> Did you re-start portmap after adding that line? That should fix it.
>
> noah
I'm too lame to find out how to re-start portmap. And rebooting didn't fix
it.
On Tue, Apr 10, 2001 at 11:39:44AM +0200, Robert Voigt wrote:
> To allow the other machine on the LAN access to mine again I put the line
> portmap: 192.168.1.0/255.255.255.0
> in /etc/hosts.allow
> but the other machine still can't mount anything. It gets the error message
>
AN, and
I hope this will prevent anyone from the outside world to break into my
system, because that's why I do it.
To allow the other machine on the LAN access to mine again I put the line
portmap: 192.168.1.0/255.255.255.0
in /etc/hosts.allow
but the other machine still can't mount a
> "KMS" == Karsten M Self writes:
KMS> on Sat, Mar 24, 2001 at 04:18:09PM -0700, Mike Millner ([EMAIL
PROTECTED]) wrote:
>> When I make changes to files, for example hosts.deny or
>> hosts.access how do I get the OS to see them without rebooting?
KMS> The issue is not the OS
on Sat, Mar 24, 2001 at 04:18:09PM -0700, Mike Millner ([EMAIL PROTECTED])
wrote:
> When I make changes to files, for example hosts.deny or hosts.access
> how do I get the OS to see them without rebooting? I know with my DNS
> files I can do a "rndc reload" and the changes are read but with these
Well, now I know why ALL: ALL in hosts.deny stopped things.
It turns out that hosts.allow does not allow "ALL: my.ip.address" but is
happy with "ALL: 203.x.y.z" or even "ALL: 203.x.y." There is a note about
this regarding the portmapper but I had not realised t
ort for tcp_wrappers. If it is (I don't know what
> the configure options in the Debian build are, but I suspect it is), then
> 'sshd: ALL' or whatever should work in /etc/hosts.allow and .deny.
>
> OTOH, Lindsay should also check for AllowHosts or DenyHosts in
> /etc/ss
On Mon, Aug 07, 2000 at 04:05:19AM -0700, Eric G . Miller wrote:
> You're denying everyone and allowing no one. There's a good reason you
> can't connect ;). In /etc/hosts.allow, you could put:
no he is not, true there is nothing in hosts.allow, but all he has in
hosts.
build are, but I suspect it is), then
'sshd: ALL' or whatever should work in /etc/hosts.allow and .deny.
OTOH, Lindsay should also check for AllowHosts or DenyHosts in
/etc/ssh/sshd_config...man sshd for more info.
HTH,
noah
On Mon, 7 Aug 2000, Eric G . Miller wrote:
> On Mon, Aug
On Mon, Aug 07, 2000 at 09:48:13PM +0800, Lindsay Allen wrote:
>
> Hello world,
>
> I have a hosts_access problem.
>
> hosts.deny has the line
> ALL:ALL
>
> This stops me logging in with ssh. The problem is that if I put a line in
> hosts.allow like
> ss
Hello world,
I have a hosts_access problem.
hosts.deny has the line
ALL:ALL
This stops me logging in with ssh. The problem is that if I put a line in
hosts.allow like
sshd: my.ip.address
the rule does not match because sshd does not feature in inetd.conf.
What have I missed?
Lindsay
You're denying everyone and allowing no one. There's a good reason you
can't connect ;). In /etc/hosts.allow, you could put:
ALL: LOCAL
However, you shouldn't be running sshd from inetd -- it's too slow. If
you aren't running ssh from inetd, then you're pro
telnet and ssh just fine. So I looked into my hosts.allow and
hosts.deny files. They looked ok, except for this reference to a
leafnode, which I hadn't seen before. There was nothing about it in the
manpages. This machine has two NIC's in it and is doing IPMasquerding.
When I try to
LL: 0.0.0.0/0.0.0.0
>
> Which I vaguely remember having put there because of aforementioned
> paranoia. This shouldn't have been a problem, I wouldn't have thought as
> long as I had the correct line in hosts.allow, as the hosts_access(5)
> man page says that allow is checke
been a problem, I wouldn't have thought as
> long as I had the correct line in hosts.allow, as the hosts_access(5)
> man page says that allow is checked before deny.
>
> However, I can't get the hosts.allow bit working.
>
> I've tried putting
> ssh: ALL
>
>
aforementioned
paranoia. This shouldn't have been a problem, I wouldn't have thought as
long as I had the correct line in hosts.allow, as the hosts_access(5)
man page says that allow is checked before deny.
However, I can't get the hosts.allow bit working.
I've tried putting
ssh:
hi ya jon
check that your telnet daemon is called /usr/sbin/in.telnetd
grep -i telnetd /etc/inetd.conf
remember that hosts.allow is read before hosts.deny
so you can use positive or negative logic which ever file
you decide to use...
/etc/hosts.allow
#
# hosts.allow This
I am attempting to let machiens from a certain domain
(mydomain.com we'll call it) telnet into my machine.
The IP Address will change each time so I know I can't
do the simple ALL: xx.xxx.xx.x method. I've looked in
hosts_access but the characters it indicates aren't
showing up correctly (in Con
Jay Kelly wrote:
>
> Ok I have two qeustion for the group,
>
> 1) I am wanting to use the finger command in my hosts.allow file to see who
> has been in my system. Im using
> spawn (/usr/sbin/safe_finger -l @%h | /usr/ucb/mail root) but I dont receive
> any mail. Am I doi
2) When I try to edit my hosts.allow file with ae, it will
not allow me to
make any changes. Im logged in as root I make the changes
then use ctrl x,
ctrl s to save but it doesnt take the command. All I get it
a x and s on the
screen. Any thoughts
Ok I have two qeustion for the group,
1) I am wanting to use the finger command in my hosts.allow file to see who
has been in my system. Im using
spawn (/usr/sbin/safe_finger -l @%h | /usr/ucb/mail root) but I dont receive
any mail. Am I doing this right?
2) When I try to edit my hosts.allow
On Wed, 29 Dec 1999, aphro wrote:
> carlf >ALL: PARANOID
> carlf >
> carlf >Surely that should be blocking anything not on my local LAN. What's
> carlf >up?
>
> that line blocks ALL incoming connections(or at least tries) to daemons in
> /etc/inetd.conf from all hosts, no matter where they are.
On Wed, 29 Dec 1999, Carl Fink wrote:
carlf >In order to use IP-Masq I had to edit hosts.allow to accept
carlf >connections from my own other PC. The only uncommented line there now
carlf >reads:
carlf >
carlf >ALL: LOCAL 198.168.1.*
ipmasq has nothing to do with tcp_wr
ean to have your local network be in
192.168?
> Since my laptop is 198.168.0.2, this *shouldn't even work*. (I
> originally typoed the IP address and just noticed it while typing this
> message!) However, since adding that line to hosts.allow, suddenly my
> box is open *fro
*- On 29 Dec, Carl Fink wrote about "Possible hosts.allow problem"
> In order to use IP-Masq I had to edit hosts.allow to accept
> connections from my own other PC. The only uncommented line there now
> reads:
>
> ALL: LOCAL 198.168.1.*
>
Shouldn't it be:
AL
In order to use IP-Masq I had to edit hosts.allow to accept
connections from my own other PC. The only uncommented line there now
reads:
ALL: LOCAL 198.168.1.*
Since my laptop is 198.168.0.2, this *shouldn't even work*. (I
originally typoed the IP address and just noticed it while typing
Got the answer ;-)
And youre right ofcourse
Regards,
Onno
At 03:15 PM 12/8/99 -0500, Jaldhar H. Vyas wrote:
>A plea to debian-user readers
>=
>
>Please, please, please if you are going to install things, especially from
>unstable, extra-especially if you rely u
At 01:28 PM 12/8/99 -0500, Jaldhar H. Vyas wrote:
[snip]
>Do you have an /etc/cram-md5.pwd file?
>Does it have actual usernames and passwords in it?
Do you have more info on this?
Regards,
Onno
>--
>Jaldhar H. Vyas <[EMAIL PROTECTED]>
>
>
>--
>Unsubscribe? mail -s unsubscribe [EMAIL PROTECT
On Wed, Dec 08, 1999 at 03:15:37PM -0500, Jaldhar H. Vyas wrote:
> A plea to debian-user readers
> =
>
> Please, please, please if you are going to install things, especially from
> unstable, extra-especially if you rely upon them for important things,
>
> READ THE FIN
A plea to debian-user readers
=
Please, please, please if you are going to install things, especially from
unstable, extra-especially if you rely upon them for important things,
READ THE FINE DOCUMENTATION which can be found in /usr/doc/ or
/usr/share/doc/ particularly
L
It is a problem with the server.
if hosts.deny still says that, then in hosts.allow add:
ALL : your.ip
that will override hosts.deny
nate
[mailto:[EMAIL PROTECTED] ]--
Vice President Network Operations http://www.firetrail.com/
Firetrail Int
Yes. Adding the usernames and passwords fixed things. What is this? Where
does it come from and do I need to manually update it?
Thanks for making the system work at least!
Patrick
On Tue, 7 Dec 1999, Patrick Kirk wrote:
> Hi all,
>
> In a misguided effort to loosen up the system,
> I edited hosts.allow to read All: All and commented
> out the All: PARANOID line in hosts.deny.
>
> Now the IMAP server no longer works...all attempts
> to pick up
hosts.allow reads ALL: ALL
hosts.deny reads #ALL: PARANOID
POP pickup works. POP cannot send - error message from a machine with OE reads:
The message could not be sent because one of the recipients was rejected by the
server. The rejected e-mail address was '[EMAIL PROTECTED]'
On Wed, 8 Dec 1999, Patrick Kirk wrote:
patric >It reads imap2 stream tcp nowaitroot/usr/sbin/tcpd
/usr/sbin/imapd
does that binary exist ? check the daemon.log in /var/log to see whats
going on. when you telnet to the machine on port 143 something like this
should show:
[EM
[snip]>
> this would not affect IMAP in any way. If you get connection refused that
> means there is no service listening on that port. check your inetd.conf
> if you get a connection and then it closes, then inetd is listening but
> there still may not be a service there, or tcp_wrappers is not
On Tue, 7 Dec 1999, Patrick Kirk wrote:
patric >In a misguided effort to loosen up the system,
patric >I edited hosts.allow to read All: All and commented
patric >out the All: PARANOID line in hosts.deny.
this would not affect IMAP in any way. If you get connection refused that
means
Hi all,
In a misguided effort to loosen up the system,
I edited hosts.allow to read All: All and commented
out the All: PARANOID line in hosts.deny.
Now the IMAP server no longer works...all attempts
to pick up mail get refused. I see Netscape say
"Sending login information..." and
7;s the Firewall HOWTO, and the IP Chains HOWTO in
/usr/doc/netbase/ipchains-HOWTO.txt.gz.
As a summary:
Pros:
* In the kernel, so it should be faster.
* Affects *everything*, including UDP (like the Network Time
Protocol server and Samba name server), and even if the
application d
Hi, Carey!
Thanks for your detailed answers,
[snip]
> DNS names and DNS servers being down, so, for example, I have a line:
> ALL : 127.0.0.1 192.168.117. : ALLOW
Good point, I switched to them.
[snip]
> I'm actually using the IP firewall code in Linux 2.2.0-pre5 to provide
> most of the protec
Alexander Kushnirenko <[EMAIL PROTECTED]> writes:
[snip]
> 1. Does it have some striking errors? I bet I forgot some service...
I prefer to put the denies in /etc/hosts.allow as well; something
like:
ALL : ALL : DENY
at the end, to catch anything not explicitly allowed.
I also pref
ly true. A lot of standalone daemons are, or can be,
>> compiled with libwrap so as to have this functionality built-in.
iirc, apache can be built with libwrap support which means, uses hosts.allow
and hosts.deny to decide wqhether to run or not;
-> The libwrap code starts when there is a co
On Thu, Jan 07, 1999 at 04:56:32PM -0600, Alexander Kushnirenko wrote:
> Hi,
>
> Thanks for the comments, But would wrapping Apache do any good? AFAIK
> wrapping works only when daemon starts and Apache is sort of always on?
I would not suggest running a web server from inetd. If the web serve
I bet I forgot some service...
> >
> > Looks sane. Be aware that hosts.allow only covers inetd started daemons.
> > So
> > if you run apache as a stand alone daemon you have to config it separately.
>
> That's not necessarily true. A lot of standalone daemo
On Thu, Jan 07, 1999 at 05:39:30PM -0500, Shaleh wrote:
> > Questions:
> > 1. Does it have some striking errors? I bet I forgot some service...
>
> Looks sane. Be aware that hosts.allow only covers inetd started daemons. So
> if you run apache as a stand alone daemon
> Questions:
> 1. Does it have some striking errors? I bet I forgot some service...
Looks sane. Be aware that hosts.allow only covers inetd started daemons. So
if you run apache as a stand alone daemon you have to config it separately.
Hi,
We try to set "mostly closed system" for Debian "slink" boxes that operate
primarily as X-terminals. So it has in hosts.deny "ALL:ALL"
Here what I set in hosts.allow:
#
ALL : localhost
in.telnetd : .our.network : allow
sshd: .our.network : al
89 matches
Mail list logo
