Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored

Mon, 09 Jul 2012 11:11:32 -0700 

My hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system. # See the manual pages hosts_access(5) and hosts_options(5). 
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) & 

My hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.

#                   See the manual pages hosts_access(5) and 
hosts_options(5).

#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
sshd: 192.168.1.1 \

    : spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h 
[%a] >> /var/log/tcp_wrapper/%d.log ) &




I tested with mysqld: ALL in hosts.deny too.

Thanks for help

Zdenek Herman
zdenek.her...@ille.cz

Dne 9.7.2012 16:52, Camaleón napsal(a):

On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:

(...)


When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
connect to MySQL from anywhere - settings in hosts.allow and hosts.deny
are ignored.

(...)

I wonder if you aren't just missing the daemon to filter (mysqld) :-?

cat /etc/hosts.deny

Greetings,





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ffb1ebe.70...@ille.cz























					Reply via email to