List Info

Thread: I need help with hosts.deny - doesn't work as I expected
I need help with hosts.deny - doesn't work as I expected
user name
 2006-03-29 08:53:35 
On the subject of deny.hosts and persistent automated
hacking, we've
found http://denyhosts.so
urceforge.net/ very useful. It automates
entries in hosts.deny by parsing logs to detect dictionary
attacks on
ssh etc.

simon


On Tue, 2006-03-28 at 10:52 -0800, Bill Watson wrote:
> I have /etc/hosts.allow that has no entries. I have
/etc/hosts.deny that
> has:
> 
> ALL: 219.106.229.178
> ALL: 72.129.200.46
> ALL: 200.38.
> ALL: 64.182.
> 
> >From my readings, I should not be getting any
messages from 200.38.x.x, yet
> my /var/log/messages shows:
> Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]:
check pass; user
> unknown
> Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]:
authentication failure;
> log
> name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]:
check pass; user
> unknown
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]:
authentication failure;
> log
> name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> 
> And keeps going with a new entry every few seconds.
> 
> Is /etc/hosts.deny properly set up?
> Is /etc/hosts.deny immediately active or must some
service be restarted to
> make it go?
> Does vsftpd bypass /etc/hosts.deny?
> 
> Thanks!
> Bill Watson
> billmagicdigits.com
> 
> 
> _______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> htt
ps://www.redhat.com/mailman/listinfo/rhn-users

_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
htt
ps://www.redhat.com/mailman/listinfo/rhn-users
I need help with hosts.deny - doesn't work as Iexpected
user name
 2006-03-29 17:28:26 
To all who helped me, thank you!!! This denyhosts offering
is interesting,
but I have already restricted my ssh to about 4 IP
addresses. The tool
doesn't focus elsewhere.

The magic appears to be the unsuspected need to restart
vsftpd to get the
new hosts.deny values.

Bill Watson
billmagicdigits.com

-----Original Message-----
From: rhn-users-bouncesredhat.com [mailto:rhn-users-bouncesredhat.com] On
Behalf Of simon elliston ball
Sent: Wednesday, March 29, 2006 12:54 AM
To: Red Hat Network Users List
Subject: Re: [rhn-users] I need help with hosts.deny -
doesn't work as
Iexpected


On the subject of deny.hosts and persistent automated
hacking, we've found
http://denyhosts.so
urceforge.net/ very useful. It automates entries in
hosts.deny by parsing logs to detect dictionary attacks on
ssh etc.

simon


On Tue, 2006-03-28 at 10:52 -0800, Bill Watson wrote:
> I have /etc/hosts.allow that has no entries. I have
/etc/hosts.deny 
> that
> has:
> 
> ALL: 219.106.229.178
> ALL: 72.129.200.46
> ALL: 200.38.
> ALL: 64.182.
> 
> >From my readings, I should not be getting any
messages from 
> >200.38.x.x, yet
> my /var/log/messages shows:
> Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]:
check pass; user 
> unknown Mar 28 10:50:36 helmethouse
vsftpd(pam_unix)[23790]: 
> authentication failure; log
> name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]:
check pass; user
> unknown
> Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]:
authentication
failure;
> log
> name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
> 
> And keeps going with a new entry every few seconds.
> 
> Is /etc/hosts.deny properly set up?
> Is /etc/hosts.deny immediately active or must some
service be 
> restarted to make it go? Does vsftpd bypass
/etc/hosts.deny?
> 
> Thanks!
> Bill Watson
> billmagicdigits.com
> 
> 
> _______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com htt
ps://www.redhat.com/mailman/listinfo/rhn-users

_______________________________________________
rhn-users mailing list
rhn-usersredhat.com htt
ps://www.redhat.com/mailman/listinfo/rhn-users

_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
htt
ps://www.redhat.com/mailman/listinfo/rhn-users
RHEL 4 kernel.shmmax limit
user name
 2006-05-23 23:24:25 
Does RHEL 4 32 bit (hugemem kernel) have a 4GB kernel.shmmax
limit? I
can't seem to get to go higher than this on a server with
16GB of memory
running Oracle 10g. If it's a 32 bit limit does anyone know
what the
shmmax limit is on RHEL 4 64 bit?

Thanks

-----------------------------------------
This email transmission and any accompanying attachments may
contain CSX privileged and confidential information intended
only
for the use of the intended addressee.  Any dissemination,
distribution, copying or action taken in reliance on the
contents
of this email by anyone other than the intended recipient is
strictly prohibited.  If you have received this email in
error
please immediately delete it and  notify sender at the above
CSX
email address.  Sender and CSX accept no liability for any
damage
caused directly or indirectly by receipt of this email.


_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
htt
ps://www.redhat.com/mailman/listinfo/rhn-users
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )