Hmm, what makes me think Apache is not? If I have an empty
/etc/hosts.allow file, and one line in /etc/hosts.deny that
reads (ALL: ALL), and I can still hit the server (web).
I am beginning to think that it has to do with the services
being compiled with tcpwrapper 'support'. I am also begining
to think differant distributions may do it differantly.
Therefore, I respectfully disagree, I do not believe tcpwrappers
affects all tcp services.
v/r
Mike
On Thu, Oct 10, 2002 at 11:40:28PM -0400, George Toft wrote:
What makes you think Apache is not? Whe I was at the .com in LA, we had
a script that analyzed Apache log files, and dropped the abuser's IP
netowrk into /etc/host.deny for 48 hours. That locked him (and a chunk
of his ISP) out so he couldn't redial and continue the attack.
I know for a fact that SNMP is under tpc wrapper control - that was one
of the biggest bitches to solve.
SSH is also controlled by TCP wrappers - I use it as redundancy in case
I make stupid typos and open SSH to my $EXTIF instead of my $INTIF. I
did this, and I discovered it through looking at my logs.
What I discovered two weeks ago about OpenLDAP was that LOCAL is not the
same as 127.0.0.1. To every other service I have used in the last 6
years it was, but noooo - not OpenLDAP.
Anyway, it's called TCP wrappers, not inet wrappers, because it affects
all TCP services. My hosts.allow file looks like this:
ALL: LOCAL, 127.0.0.1, 192.168.55.
which supports my LDAP, MySQL, Apache and DNS servers. The 192.196.55
LAN is another interface that needs DNS and HTTP services.
George
Mike Starke wrote:
>
> Years ago, I seem to recall that the only services
> under control of hosts.allow & hosts.deny were those
> under inetd (/etc/inetd.conf).
>
> I just spent the past hour trying to figure out why I couldn't
> connect to my new ldap server from a remote site; come to find
> out all I needed was a simple entry in /etc/hosts.allow Being that
> slapd runs as a deamon, I stared at my slapd.conf file and couldn't
> find any reason why a connection was denied.
>
> Simple question: How does one know when a service is under
> tcpwrappers? Apache & Bind are not, what should have made
> me think slapd was?
>
> v/r
> Mike
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)