Having issues - /etc/hosts.deny /etc/hosts.allow!
OK - I just did an install of Arch '09 x86_64 core on my HP Pavilion a810n AMD Athlon64 3300+. I got to the part about configuring and the directions just aren't very clear... What EXACTLY do I input to both deny/allow to be able to get on the net to install gnome/X, etc.??
Why would anyone by default have the net services turned off when to have a viable OS you need more packages - did someone miss that?
Thanks.
From the Beginners Guide:
If you do not plan on using the ssh daemon, leave this file at the default, (empty), for added security.
It seems you may be confusing the contents of this file with your inability to reach the network.
What is the exact error(s) you are receiving?
Did you leave the file empty (all lines commented out)?
Similar Messages
-
Sshd ignores /etc/hosts.allow and /etc/hosts.deny
Hello everyone,
I've just found out that sshd ignores /etc/hosts.allow and /etc/hosts.deny completely on my machine. It doesn't make use of tcp_wrappers. I am using the standard Arch package. Either my settings are wrong, or this is a severe security problem. It was a terrible surprise to find out that my server is under severe dictionary attacks all the time, despite the denyhosts script I am using.
These are my settings:
/etc/hosts.deny:
ALL: ALL
/etc/hosts.allow:
# some nfs daemons: 192.168.1.0/255.255.255.0
sshd sshd1 sshd2: ALL EXCEPT /etc/hosts.evil
mysqld: 192.168.1.0/255.255.255.0
/etc/hosts.evil:
195.113.21.131
60.10.6.53
A simple experiment to verify the settings:
[root@charon etc]# tcpdmatch -d -i /etc/xinetd.conf sshd 195.113.21.131
warning: sshd: no such process name in /etc/xinetd.conf
client: address 195.113.21.131
server: process sshd
matched: hosts.deny line 5
access: denied
[root@charon etc]# tcpdmatch -d -i /etc/xinetd.conf sshd 195.113.21.130
warning: sshd: no such process name in /etc/xinetd.conf
client: address 195.113.21.130
server: process sshd
matched: hosts.allow line 10
access: granted
This seems to be fine. But when I go to the machine 195.113.21.131, I can simply log in with no trouble at all.
This is really strange. Does it have something to do with the xinetd warning? I am not using xinetd... Maybe I'm doing something wrong. If you have experienced such a trouble, please give me a hint.
elasticdog wrote: So should our package not have the ListenAddress 0.0.0.0 line uncommented by default? My guess would be that since it listens on all local addresses by default, we're just overwriting that when specifying 0.0.0.0, which isn't valid. That way users don't have to specify their local IP address. Unless I'm wrong, shouldn't this be a bug/feature request for the packager?
This doesn't seem to be a package bug... IMHO, sshd must respect all the settings in hosts.deny and hosts.allow, regardless of the IP address it listens on. The behaviour I noticed seems to be much more complicated. Basic settings (daemon name mentioned in hosts.*) worked, as far as I didn't want a "per IP" configuration. For example, including the daemon in hosts.allow really enabled remote connections, but any closer specifications (subdomains, EXCEPT operator...) were ignored. Access was simply granted without further evaluation. Excluding sshd from hosts.allow worked as one would assume. When I specified ListenAddress, everything started to work properly. This is mysterious. There are millions of computers using tcp wrappers and ssh, so it's hard to believe there could be a bug. -
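Added example, not part of the original thread: a small Python model of the hosts_access(5) decision order (allow table first, then deny table, otherwise granted), run against constructed copies of the three files posted in the sshd thread above. It handles only address-based patterns (ALL, exact address, prefix, net/mask, a file of patterns, EXCEPT); the function names and the in-memory FILES table are assumptions made for the illustration.

```python
import ipaddress

# Constructed copies of the three files posted in the thread.
HOSTS_ALLOW = """\
# some nfs daemons: 192.168.1.0/255.255.255.0
sshd sshd1 sshd2: ALL EXCEPT /etc/hosts.evil
mysqld: 192.168.1.0/255.255.255.0
"""
HOSTS_DENY = "ALL: ALL\n"
FILES = {"/etc/hosts.evil": "195.113.21.131\n60.10.6.53\n"}  # stands in for the disk


def client_matches(pattern, addr):
    """Match one client pattern against an IPv4 address (address forms only)."""
    if pattern == "ALL":
        return True
    if pattern.startswith("/"):      # path to a file holding more patterns
        return any(client_matches(p, addr) for p in FILES.get(pattern, "").split())
    if "/" in pattern:               # net/mask, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):        # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    return pattern == addr


def daemon_matches(pattern, daemon):
    return pattern in ("ALL", daemon)


def list_matches(tokens, value, matcher):
    """'a b EXCEPT c' matches when a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], value, matcher)
                and not list_matches(tokens[i + 1:], value, matcher))
    return any(matcher(t, value) for t in tokens)


def first_match(table, daemon, addr):
    """Return the first rule in an access table matching (daemon, client)."""
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (list_matches(daemons, daemon, daemon_matches)
                and list_matches(clients, addr, client_matches)):
            return line
    return None


def decide(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: allow table, then deny table, otherwise granted."""
    if first_match(allow, daemon, addr):
        return "granted"
    if first_match(deny, daemon, addr):
        return "denied"
    return "granted"
```

The model reproduces the two tcpdmatch verdicts shown in the thread; it describes the policy only, and a daemon that is not built with tcp_wrappers support never consults these files.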
/etc/hosts.allow versus iptables/firewall?
What's the relation between the /etc/hosts.allow and /etc/hosts.deny files, on the one hand, and a host firewall on the other? If I'm going to configure iptables on a machine, is there any point to having any non-trivial rules in /etc/hosts.allow and /etc/hosts.deny too? Or should I just set them to let everything connect and do all my configuration through iptables?
(Well, really, I'm going to use some iptables-for-dummies tool like ufw or firehol.)
I cannot agree that hosts.{allow,deny} are 'a lot more basic'. They're different from iptables, they work on a different level and offer different capabilities, but it would be much harder with iptables to grant/deny access according to:
- ident lookup
- NIS netgroup
- domain name
- consistent ip->name and name->ip mapping
and so on; man 5 hosts_access and man hosts_options contain some examples. On the actions side, in addition to granting or denying access, an arbitrary command can be run in parallel with or instead of the called service, with some useful information about the connection available as %variables.
Tcp_wrappers do not have to be called by the protected service itself; they can be used with everything that uses TCP and can be run via (x)inetd, with a little help from tcpd(8).
I prefer iptables myself (no use in letting unwanted traffic pass any further than strictly necessary), but tcp_wrappers make a really nice and useful complementary solution. -
Tcp wrappers /etc/hosts.allow format
since most of the services that were originally run from
the /etc/inet/inetd.conf file on pre-Solaris 10 systems
are now run from smf, what are the "in.*" service names
that should be placed in the /etc/hosts.allow file?
also is there a "safe_finger" available for use that can
be used in the /etc/hosts.deny file or should the
"standard" Solaris 10 finger be used?
Thanks
-
Entry in /etc/hosts.allow for insecure VNC?
I read the ssh wiki article which teaches to add an entry to /etc/hosts.allow for sshd. I know that tunneling vnc through sshd is the way to go security wise, however, there are cases where I need to switch on un-encrypted vnc for the purposes of sharing my X11 session with family members. Anyway, my question deals with an entry in the /etc/hosts.allow for gnome's desktop sharing (which is vnc as I understand it). Does anyone know the syntax to allow vnc for any incoming connection (default port of 5900)?
I have tried:
vino: ALL
Xvnc: ALL
X11vnc: ALL
None of which worked.
Thanks!
When I don't know what's the name of the process listening to specific port, I always execute
netstat -tnlp
to get the proper processes' names. -
Syntax of ip ranges in /etc/hosts.allow
How does one define a range of IP addresses in the /etc/hosts.allow? Pasted from the ssh wiki article:
# let everyone connect to you
sshd: ALL
# OR you can restrict it to a certain ip
sshd: 192.168.0.1
# OR restrict for an IP range
sshd: 10.0.0.0/255.255.255.0
# OR restrict for an IP match
sshd: 192.168.1.
If I just want 192.168.1.2 - 192.168.1.10 (inclusive), what would the syntax be for this?
192.168.1.2/192.168.1.10 didn't work for me.
Thanks.
You can't do this on a single line AFAIK since .2 to .10 doesn't fit in any valid CIDR mask. You will need to add a line for each host individually:
sshd: 192.168.1.2
sshd: 192.168.1.3
sshd: 192.168.1.4
sshd: 192.168.1.5
sshd: 192.168.1.6
sshd: 192.168.1.7
sshd: 192.168.1.8
sshd: 192.168.1.9
sshd: 192.168.1.10
Technically there are multiple /30 masks that fit within that, but you'd still have to have multiple lines.
Last edited by fukawi2 (2009-06-06 22:45:26) -
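Added example, not part of the original thread: a Python sketch that covers an inclusive address range with the fewest aligned blocks and prints them in the net/mask form used in the quoted wiki snippet. The function names are assumptions made for the illustration; for 192.168.1.2 to 192.168.1.10 it yields four entries instead of nine.

```python
import ipaddress


def hosts_allow_lines(daemon, first, last):
    """Cover the inclusive range first..last with the fewest net/mask entries."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    lines = []
    for net in blocks:
        if net.prefixlen == 32:
            # A single host needs no mask.
            lines.append(f"{daemon}: {net.network_address}")
        else:
            # hosts.allow takes the mask in dotted-quad form.
            lines.append(f"{daemon}: {net.network_address}/{net.netmask}")
    return lines


def covered(lines):
    """Expand generated entries back into addresses to verify the coverage."""
    addrs = []
    for line in lines:
        entry = line.split(": ", 1)[1]
        # strict=True rejects an entry whose network address is misaligned.
        net = ipaddress.ip_network(entry, strict=True)
        addrs.extend(str(ip) for ip in net)
    return addrs


if __name__ == "__main__":
    rules = hosts_allow_lines("sshd", "192.168.1.2", "192.168.1.10")
    print("\n".join(rules))
    # No address outside .2-.10 is admitted by the generated entries.
    assert covered(rules) == [f"192.168.1.{i}" for i in range(2, 11)]
```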
I am having issues related to storage and I believe this is causing my computer to slow down. "Other" files part is the major occupier(180 GB). I have done Omni disk and multiple other cleaning(iTunes-device, restart, etc), yet have not been able to empty any more space, nor to speed up my computer? Any suggestions? All your contributions are welcomed. Thanks. Mehmet Mazhar Celikoyar
Below is the result:
-
Pure-ftpd setup (hosts.allow & hosts.deny)
hello,
I have installed pure-ftpd. I have it in the daemon section in rc.conf and it's working (visible from outside) although my /etc/hosts.deny is
ALL: ALL: DENY
and in /etc/hosts.allow isn't any notice about pure-ftpd (just sshd).
isn't that weird?
thanx for answers.
If your version of pure-ftpd was built without tcpwrappers, that might explain it.
-
I am using an early 2008 MacBook Pro and am having issues with it deleting text on its own (in Word, emails, etc.). As I am typing it all of a sudden starts deleting and I can't stop it. This happened once before and it was due to a bulging battery pressing on the track pad. I checked the battery and it appears to be fine. What can I do?
Please read this whole message before doing anything.
This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
Step 1
The purpose of this step is to determine whether the problem is localized to your user account.
Enable guest logins* and log in as Guest. For instructions, launch the System Preferences application, select Help from the menu bar, and enter “Set up guest users” (without the quotes) in the search box. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
While logged in as Guest, you won’t have access to any of your personal files or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
Test while logged in as Guest. Same problem?
After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
*Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
Step 2
The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login.
Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode* and log in to the account with the problem. The instructions provided by Apple are as follows:
Shut down your computer, wait 30 seconds, and then hold down the shift key while pressing the power button.
When you see the gray Apple logo, release the shift key.
If you are prompted to log in, type your password, and then hold down the shift key again as you click Log in.
Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs. The next normal boot may also be somewhat slow.
The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
*Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t boot in safe mode.
Test while in safe mode. Same problem?
After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of steps 1 and 2. -
Is anyone having issues syncing the iPhone wifi hot spot to iPad, Mac, etc.? I constantly have to turn it off and back on to get them to connect. I wish it was a little more seamless... Thoughts?
Thanks for the swift reply, I have been looking online and a loose plug seems to be somewhat of an issue with many, I hope mine is actually a problem and not what others are experiencing. It's taken me this long to even reach out for the simple fact I HATE being a complainer but this is just horrible.
Do you have an iPad 3 as well? And is yours not experiencing any issues close to mine?
Thanks again! -
I am having issues with MLBtv: when I switch on my ATV it no longer comes up as an option, nor does Vimeo or the iTunes store. I've tried resets etc. and after those they appear. Put the ATV into sleep mode and mysteriously they don't reappear. Any ideas?
I am having the same issue but mine is with Netflix. And there are only 4 categories now on the main menu when there used to be 5. Something went crazy with ATV software.
-
iPod nano 7th generation having issues with the UI. Out of box everything worked great. Once I sync the device and it finished, the UI becomes unusable. You have to double tap every icon in order to open music, videos, etc. I cannot swipe to the second page of icons, a black box appears around an icon and then switches to a different one anytime I swipe. A box even appears around the time and battery power. iPod & iTunes are both updated. What is the FIX on this issue?
I had this problem as well. This is what I found by searching online. I tried the fix on my nano 7th gen and it worked. I hope this helps you. Make sure to use two fingers for sliding and double-click the icons to get into settings. Good luck.
It would seem that Voiceover has been enabled on your iPod Nano. The following article contains information regarding Voiceover, and how to disable it once it's been enabled.
iPod nano (6th generation and later): How to use VoiceOver
http://support.apple.com/kb/HT4317
To turn off VoiceOver on iPod nano using VoiceOver gestures
From the Home Screen, swipe right or left with two fingers until you see or hear "Page 2 of 2" on iPod nano (7th generation) or "Settings" on iPod (6th generation).
If the icons have been rearranged, or if there are more than four Home screens, you may hear something different.
Slide one finger around the screen until you hear Settings.
Double-tap to open Settings.
Slide your finger up or down the screen until you see or hear General, then double-tap.
Slide your finger up or down the screen until you see or hear Accessibility, then double-tap.
Slide your finger up or down the screen until you see or hear VoiceOver, then double-tap.
Double-tap when you hear "VoiceOver switch button on."
You'll hear "VoiceOver off" to confirm the setting. Now you can use standard gestures to control iPod nano.
Note: You can also turn off VoiceOver by resetting your iPod. -
Hi, I had recently purchased an iPad 3 but obviously have been having issues with heating up and some minor issues with video playback etc. Apple has agreed to replace my device. I need help in deciding whether I should get a new iPad 3 or opt for an iPad 2. The seller is willing to replace it with an iPad 2 as well.
Have also heard that the iPad 3 revamped version is around along with the mini pad rumor... too much information - lots of confusion, pls help
Lindsay,
Your iBookG4 is still a pretty awesome Mac. Like already said, it has the power to run Leopard, but it depends if you have an internal DVD drive.
Then I suppose you have to add up the cost of the OS, perhaps another 512MB RAM, iLife 08 and replacements for any favourite apps that you currently use (Leopard breaks a lot of stuff, but Intel breaks even more). Compare it to the cost of a new MacBook, which will have all of that included and be 3-4x faster too.
It also depends on what you want to achieve with your iBook. My PMG4 still cuts it today, I still use it in preference to my new Mac Pro, It's about the same age as your iBook, and I'll only stop using it when it becomes "painfully" slow. My 1 year old son currently uses the Mac Pro (parts for a Mac Pro are easier to replace than those for a PMG4).
I think your choice is simple, if you can get a cheap copy of Tiger, use that, it'll get your iPod Touch up and running. It came in DVD and 4 CD version (by request).
Leopard will work for you too but a lot of the best eye-candy requires quite a meaty graphics card and you may need a RAM upgrade and replacement software - OS9 Classic is not supported in Leopard. -
Oracle Hosted instance of APEX having issues today?
Just tried logging into to download some stuff and I am finding the Oracle hosted instance of APEX is having issues.. Anyone else notice this or dealing with this today?
Thank you,
Tony Miller
Webster, TX
Hi Tony,
It appears to be Web server related. I can't even get to http://apex.oracle.com (a static file). I just filed a P1 ticket for our IT organization to take a look and fix it.
Thanks for reporting this.
Joel -
[Solved] hosts.deny vs. hosts.allow
Hi,
I was looking for some detailed documentation about hosts.deny and hosts.allow. I have a vague idea that this is what is called "tcp wrappers", but I'm not sure. Can someone point me to some relevant documentation? I couldn't find anything in the wiki.
Last edited by kikinovak (2011-01-22 08:51:28)
man 5 hosts_access
And yes, it is tcp_wrappers.