question on hosts.allow
Daniel Bye
dan at slightlystrange.org
Thu Dec 21 05:58:21 PST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Banning wrote:
> I have been running denyhosts to stop attacks on my ssh port.
>
> The attacks continue after protection is put in place.
>
> Here is what I have in the tail of my /etc/hosts.allow
> as per the installation instructions;
> -------------------------
> ...<snip>
> sshd : /etc/hosts.deniedssh : deny
> sshd : ALL : allow
> -------------------------
>
> and in /etc/hosts.deniedssh I have;
>
> -------------------------
> sshd: 82.165.182.220 : deny
> sshd: 200.52.90.100 : deny
> -------------------------
This isn't quite right. This file should contain IP addresses, one per
line, without any of the extraneous stuff - the `sshd' and `deny' bits
are taken care of by the
sshd : /etc/hosts.deniedssh : deny
line in /etc/hosts.allow. (Effectively, with your current setup, your
hosts.allow rules expand to something like this:
sshd : sshd : 82.165.182.220 : deny : deny
which doesn't make much sense!)
At a guess, your BLOCK_SERVICE is set to something other than an empty
value. It needs to be "BLOCK_SERVICE =" (without the quotes, of
course...) to ensure that only offending IP addresses get written out to
the auxiliary file.
>
> but I am still receiving attacks from the last IP address. So I am wondering
> what program actually -reads- hosts.allow
It should be read by anything that's built with tcpwrappers support. In
this case, it would be sshd.
> May be it has to be reset, or restarted?
No, I don't think so. I would imagine the problem is the screwy syntax
of your config. Try setting BLOCK_SERVICE in
/usr/local/etc/denyhosts.conf, restart DenyHosts and see what happens...
Dan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFio/rixf5fBYiFmoRAqQGAJ9USWP47e9nC6ChfhL8BzdxX7tFRwCgvUA9
U/pe3iiTdjkKzBctcaAU50k=
=QmiM
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list