which log files to check for hosts.deny



  • 1. all messages the same date and time (fetchmail)
    Hi all, I use fetchmail to get my e-mail. It is delivered to Postfix (with virus and spam filter). I also use procmail. This works great, but... When my server is down for a few days, all new mails get the same date and time (probably because of last header added by postfix). From the fetchmail FAQ: --- O10. Why is the received date on all my messages the same? This is a design choice in your MTA, not fetchmail. It's taking the received date from the last Received header. --- Is there a solution (using postfix or procmail) to correct this problem, because I think more people have this problem. (For example remove the last header added by postfix). Best regards, Dennis
  • 2. Linux SAMBA server viewed as being on the Internet by XP
    I had a stable Mandrake 9.2 samba server (can't remember which version, I think it was the last version 2). It sat on my home network and all my XP machines accessed it fine. I upgraded with the Mandrake 10.0 Official Download release and all is well, *except* that my XP boxes now think that my Linux box is on the Internet *outside* my LAN! Now it's not really stopping anything, it just flashes warning boxes everytime you run an executable on the Linux server. So it needs fixing, or I have to lower my security settings for the *Internet Zone* on XP and I'd rather not do that. The new version of SAMBA is 3.02a. Oddly my Linux box appears in the same WORKGROUP as my XP boxes, which suggests that some part of the relationship knows that the SAMBA server is sitting in the right place. Has anyone ever seen this? Any ideas on how it happens? I can post relevant conf files if needed etc.
  • 3. speedtouch 530 NAT versus linux pptp + nat
    small setup - 5 PCs - users kinda demanding I'm setting up a mail server (whitebox linux based). There is no hardware left for a dedicated firewall (such as smoothwall). I was originally tempted to use the speedtouch DLS modem (pptp that returns a fixed ip) for NAT, and port 25, 443, 993 to the linux machine for smtp, https and imaps access....but I'm concerned as to how 'robust' the speedtouch is. The only current alternative is to use the mail server as a firewall itself. Are there any experiences or recommendations? B.
  • 4. Samba Woes
    So I have samba working correctly on one linux box to allow me to mount shares on my windows 2003 server. But when I try on my second linux box I keep getting some crappy wrong fs type ....... with tons of other options of what could be wrong. I downloaded the source, configured it, performed make, make install and then I had no smb.conf file. I made one -- actually copied it from my other machine that works, and I can't mount. When I try to just mount without -t smbfs I get an error that the kernel can't handle smb file systems. So I can get to the server to discover the smb filesystem. Then I try to use mount -t smbfs -o username=something,password=smells //Server/Folder //mount/fileServer This gives me the wrong fs type, bad sector error. But when I turn around and use my other linux box the command works. What am I missing? Apparently all the installers work for micro$oft and all the smart people are working on linux.

which log files to check for hosts.deny

Postby Monty loree » Wed, 29 Nov 2006 04:19:28 GMT

I'm trying to get better control of my traffic on linux.

I have placed about 100 IP addresses in my hosts.deny file.
I am curious to know which log file I would use to see if any of these
spammer IP's have been blocked.


Re: which log files to check for hosts.deny

Postby Jack Snodgrass » Wed, 29 Nov 2006 04:50:52 GMT

depends on your linux distro... /var/log/security maybe... 
if your looking to block SPAM... /etc/hosts.deny probably 
won't do you any good. I don't think that sendmail uses 
this... only things that use tcp wrappers use /etc/hosts.allow
and /etc/hosts.deny. 

I use iptables to block access to my mail and web ports from 
'bad' users. 


D.A.M. - Mothers Against Dyslexia

see  http://www.**--****.com/  for my contact info.

jack - Grapevine/Richardson

Re: which log files to check for hosts.deny

Postby Monty loree » Wed, 29 Nov 2006 04:59:20 GMT

Hi Jack,
By spammers I meant scraper sites.  They come by and scrape thousands
of my pages.

I want to block the bad guys to give me a better grip of the count of
my good traffic.

I will check /var/log/security.

Many thanks,

Monty Loree

Re: which log files to check for hosts.deny

Postby Monty loree » Wed, 29 Nov 2006 21:41:35 GMT

This is the format that I've got my IP addresses listed.


My hosts.allow file looks like this:
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.

Re: which log files to check for hosts.deny

Postby Monty loree » Wed, 29 Nov 2006 21:43:43 GMT

BTW... Jack,
I checked /var/log/secure file to see if that checks the hosts.deny

/var/log/secure tests for people trying to log into the system.


Similar Threads:

1.slow log in process with /etc/hosts.deny or hosts.allow

I have a linux box running mandrake kernel 2.4.3.  It has xinetd.  I
come to a odd question when I configure /etc/hosts.allow or
/etc/hosts.deny.  No matter what entry I put in, my log in will become
very slow.  However, everything runs normal speed after I login.  This
happens when I sit in front of my computer, romote ssh.  It also happen
when I bring up a Xterm.  The windows will pops out quick but the
prompt comes up very slow.  It happnens when I do the su user.  It
seems to try to find something after I type password.  I use tcpdump
and find this when the system slow.
hostname.631 > xxx.xxx.xxx.255.631 UDP 133 (DF)
hostname.631 > xxx.xxx.xxx.255.631 UDP 134 (DF)
I don't know if it is relative.
I also use to.  I didn't see anything consuming CPU time and memory.
The CPU idle is always about 99%.
I set up serveral linux but never had this kind of problem.  Any idea?

Thank you in advance

2.hosts.deny: how do i test to see if hosts.deny is working

I am trying to block scraper sites from accessing my sites.
I have put a bunch ip addresses in my hosts.deny and I'm not sure if
they've blocked anything.

Then I put my own IP address into the hosts.deny to see if I could
block myself.  that didn't work.

I would like to know if there is a log file  or some other way to
verify that IP's that I've designated in hosts.deny are actually
getting blocked.

Many thanks.

3.Issue with SSH: my IP address doesn't stop to be logged into /etc/hosts.deny

I administer my remote server (Ubuntu 8.04.1 server) with ssh.

For some reasons, the IP address of my work computer has been logged
in /etc/hosts.deny. When I delete this entry, it is logged back few
seconds after having save the file.

fail2ban is running on my remote server but it does not seem to
interfere with the /etc/hosts.deny file. I emptied the /var/log/
auth.log file as fail2ban parses the log to ban clients but it did not
manage to solve my issue and the IP address of my work computer still
gets logged in /etc/hosts.deny.

I could add my work computer IP address in /etc/hosts.allow, but I
cannot figure out why the IP address of my
work computer does not stop to get logged into /etc/hosts.deny right
after I removed the entry from the file.

I've even tried to totally empty the /etc/hosts.deny file. Few seconds
after I saved the file, all the previous entries I had removed were
logged back into /etc/hosts.deny.

Are there some services that monitor / update the file /etc/hosts.deny
periodically and that could cause to override my changes ?

Many thanks for your help

4.hosts.deny and hosts.allow problem

Hi.  I'm having trouble setting up my hosts.allow and hosts.deny files.
 Basically I only want to be able to ssh in from one particular ip
address, e.g. xxx.xxx.xxx.xxx.

When my setup is:

# cat /etc/hosts.deny

# cat /etc/hosts.allow

I _cannot_ ssh in, as expected.

When it is:

# cat /etc/hosts.deny

# cat /etc/hosts.allow

I _can_ ssh in, as expected

But when it is:

# cat /etc/hosts.deny

# cat /etc/hosts.allow
sshd: xxx.xxx.xxx.xxx

I cannot ssh in....  I can't even get in when I do:

# cat /etc/hosts.allow
sshd: ALL

So it seems like hosts.deny works as I would anticipate, but
hosts.allow doesn't seem to be overuling hosts.deny.

Anyone have any clue?  This is Redhat 9

Thanks in advance....


5.help with hosts.allow -hosts.deny


I'm having a little trouble understanding how those files work. I have tried
looking at man hosts.allow, hosts.deny.

I saw that you needed to put       service:host

So I put in hosts.allow


in hosts.deny


So it denies all, except services put in allow, right?

There seems to be a flaw in my logic, maybe I am using the wrong names for
services? I'm running Red Hat 9. And am a bit new to the world of linux.

Thank you for any help possible,

6. Xinetd & host.allow and host.deny

7. ssh, hosts.allow, hosts.deny, and dyndns names

Return to linux


Who is online

Users browsing this forum: No registered users and 29 guest