which log files to check for hosts.deny


  • 1. all messages the same date and time (fetchmail)
    Hi all, I use fetchmail to get my e-mail. It is delivered to Postfix (with virus and spam filter). I also use procmail. This works great, but... When my server is down for a few days, all new mails get the same date and time (probably because of last header added by postfix). From the fetchmail FAQ: --- O10. Why is the received date on all my messages the same? This is a design choice in your MTA, not fetchmail. It's taking the received date from the last Received header. --- Is there a solution (using postfix or procmail) to correct this problem, because I think more people have this problem. (For example remove the last header added by postfix). Best regards, Dennis
  • 2. Linux SAMBA server viewed as being on the Internet by XP
    I had a stable Mandrake 9.2 samba server (can't remember which version, I think it was the last version 2). It sat on my home network and all my XP machines accessed it fine. I upgraded with the Mandrake 10.0 Official Download release and all is well, *except* that my XP boxes now think that my Linux box is on the Internet *outside* my LAN! Now it's not really stopping anything, it just flashes warning boxes every time you run an executable on the Linux server. So it needs fixing, or I have to lower my security settings for the *Internet Zone* on XP and I'd rather not do that. The new version of SAMBA is 3.02a. Oddly my Linux box appears in the same WORKGROUP as my XP boxes, which suggests that some part of the relationship knows that the SAMBA server is sitting in the right place. Has anyone ever seen this? Any ideas on how it happens? I can post relevant conf files if needed etc.
  • 3. speedtouch 530 NAT versus linux pptp + nat
    Small setup - 5 PCs - users kinda demanding. I'm setting up a mail server (whitebox linux based). There is no hardware left for a dedicated firewall (such as smoothwall). I was originally tempted to use the speedtouch DSL modem (pptp that returns a fixed ip) for NAT, and port 25, 443, 993 to the linux machine for smtp, https and imaps access... but I'm concerned as to how 'robust' the speedtouch is. The only current alternative is to use the mail server as a firewall itself. Are there any experiences or recommendations? B.
  • 4. Samba Woes
    So I have samba working correctly on one linux box to allow me to mount shares on my windows 2003 server. But when I try on my second linux box I keep getting some crappy wrong fs type ....... with tons of other options of what could be wrong. I downloaded the source, configured it, performed make, make install and then I had no smb.conf file. I made one -- actually copied it from my other machine that works, and I can't mount. When I try to just mount without -t smbfs I get an error that the kernel can't handle smb file systems. So I can get to the server to discover the smb filesystem. Then I try to use mount -t smbfs -o username=something,password=smells //Server/Folder //mount/fileServer This gives me the wrong fs type, bad sector error. But when I turn around and use my other linux box the command works. What am I missing? Apparently all the installers work for micro$oft and all the smart people are working on linux.

which log files to check for hosts.deny

Postby Monty loree » Wed, 29 Nov 2006 04:19:28 GMT

I'm trying to get better control of my traffic on linux.

I have placed about 100 IP addresses in my hosts.deny file.
I am curious to know which log file I would use to see if any of these
spammer IP's have been blocked.

Thanks,


Re: which log files to check for hosts.deny

Postby Jack Snodgrass » Wed, 29 Nov 2006 04:50:52 GMT




depends on your linux distro... /var/log/security maybe... 
if you're looking to block SPAM... /etc/hosts.deny probably 
won't do you any good. I don't think that sendmail uses 
this... only things that use tcp wrappers use /etc/hosts.allow
and /etc/hosts.deny. 

I use iptables to block access to my mail and web ports from 
'bad' users. 

jack 

-- 
D.A.M. - Mothers Against Dyslexia

see  http://www.**--****.com/  for my contact info.

jack - Grapevine/Richardson
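
Added example (not part of the thread or any poster's code): when a service that uses TCP wrappers rejects a client, libwrap reports it through syslog as "refused connect from ...", so the check asked about here comes down to counting those lines for each address in hosts.deny. The names refusal_counts and demo, the file names, and every address and log line in the sample are constructed for illustration; pass in whichever file your syslog configuration writes the daemon's messages to (the thread mentions /var/log/secure).

```sh
#!/bin/sh
# Added example: count TCP-wrapper refusals per address listed in hosts.deny.

# refusal_counts DENY_FILE LOG_FILE
# Prints "address count" for every literal IPv4 address in DENY_FILE, counting
# syslog lines such as:  sshd[2211]: refused connect from 192.0.2.10 (192.0.2.10)
refusal_counts() {
    awk '
    FILENAME == ARGV[1] {                       # pass 1: hosts.deny rules
        if ($0 ~ /^[ \t]*#/) next               # skip comments
        if (split($0, f, ":") < 2) next         # need "daemons: clients"
        m = split(f[2], c, /[ \t,]+/)
        for (i = 1; i <= m; i++)
            if (c[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(c[i] in seen)) {
                seen[c[i]] = 1; order[++k] = c[i]
            }
        next
    }
    /refused connect from/ {                    # pass 2: syslog file
        addr = $NF                              # "(address)" is the last field
        gsub(/[()]/, "", addr)
        sub(/^::ffff:/, "", addr)               # tolerate IPv4-mapped notation
        hits[addr]++
    }
    END { for (i = 1; i <= k; i++) print order[i], hits[order[i]] + 0 }
    ' "$1" "$2"
}

# demo: run the count over constructed files (documentation-range addresses)
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/hosts.deny" <<'EOF'
# constructed sample
ALL: 192.0.2.10
ALL: 198.51.100.7
sshd: 203.0.113.5
EOF
    cat > "$dir/secure" <<'EOF'
Nov 28 04:31:07 web1 sshd[2211]: refused connect from 192.0.2.10 (192.0.2.10)
Nov 28 04:31:09 web1 sshd[2214]: refused connect from ::ffff:192.0.2.10 (::ffff:192.0.2.10)
Nov 28 04:40:12 web1 sshd[2290]: Failed password for root from 198.51.100.99 port 4022 ssh2
Nov 28 05:02:44 web1 sshd[2301]: refused connect from 203.0.113.5 (203.0.113.5)
EOF
    refusal_counts "$dir/hosts.deny" "$dir/secure"
    rm -rf "$dir"
}

demo
```

A zero beside every address, while the web server's own access log still shows requests from it, is what the reply above predicts for a service that does not use TCP wrappers. Running ldd on the daemon binary and looking for libwrap shows whether it is linked against them.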

Re: which log files to check for hosts.deny

Postby Monty loree » Wed, 29 Nov 2006 04:59:20 GMT

Hi Jack,
By spammers I meant scraper sites.  They come by and scrape thousands
of my pages.

I want to block the bad guys to give me a better grip of the count of
my good traffic.

I will check /var/log/security.

Many thanks,

Monty Loree







Re: which log files to check for hosts.deny

Postby Monty loree » Wed, 29 Nov 2006 21:41:35 GMT

This is the format that I've got my IP addresses listed.

ALL: 72.20.99.42
ALL: 38.98.120.72
ALL: 193.93.236.7
ALL: 72.14.199.78
ALL: 72.14.199.80
ALL: 203.144.144.164
ALL: 66.249.66.37
ALL: 65.214.44.29
ALL: 72.36.167.42
ALL: 38.102.128.140
ALL: 203.144.144.163
ALL: 195.225.177.40
ALL: 212.42.113.10
ALL: 195.225.177.20
ALL: 64.78.155.100
ALL: 66.249.66.210
ALL: 193.47.80.41

My hosts.allow file looks like this:
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#


Re: which log files to check for hosts.deny

Postby Monty loree » Wed, 29 Nov 2006 21:43:43 GMT

BTW... Jack,
I checked /var/log/secure file to see if that checks the hosts.deny

/var/log/secure tests for people trying to log into the system.

Best,


Similar Threads:

1. slow log in process with /etc/hosts.deny or hosts.allow

I have a linux box running mandrake kernel 2.4.3.  It has xinetd.  I
come to an odd question when I configure /etc/hosts.allow or
/etc/hosts.deny.  No matter what entry I put in, my log in will become
very slow.  However, everything runs normal speed after I login.  This
happens when I sit in front of my computer, remote ssh.  It also happens
when I bring up an Xterm.  The window will pop out quick but the
prompt comes up very slow.  It happens when I do the su user.  It
seems to try to find something after I type password.  I use tcpdump
and find this when the system is slow.
hostname.631 > xxx.xxx.xxx.255.631 UDP 133 (DF)
hostname.631 > xxx.xxx.xxx.255.631 UDP 134 (DF)
I don't know if it is relative.
I also use to.  I didn't see anything consuming CPU time and memory.
The CPU idle is always about 99%.
I set up several linux but never had this kind of problem.  Any idea?

Thank you in advance

2. hosts.deny: how do i test to see if hosts.deny is working

I am trying to block scraper sites from accessing my sites.
I have put a bunch ip addresses in my hosts.deny and I'm not sure if
they've blocked anything.

Then I put my own IP address into the hosts.deny to see if I could
block myself.  That didn't work.

I would like to know if there is a log file  or some other way to
verify that IP's that I've designated in hosts.deny are actually
getting blocked.

Many thanks.

3. Issue with SSH: my IP address doesn't stop to be logged into /etc/hosts.deny

I administer my remote server (Ubuntu 8.04.1 server) with ssh.

For some reasons, the IP address of my work computer has been logged
in /etc/hosts.deny. When I delete this entry, it is logged back few
seconds after having saved the file.

fail2ban is running on my remote server but it does not seem to
interfere with the /etc/hosts.deny file. I emptied the
/var/log/auth.log file as fail2ban parses the log to ban clients but it did not
manage to solve my issue and the IP address of my work computer still
gets logged in /etc/hosts.deny.

I could add my work computer IP address in /etc/hosts.allow, but I
cannot figure out why the IP address of my
work computer does not stop to get logged into /etc/hosts.deny right
after I removed the entry from the file.

I've even tried to totally empty the /etc/hosts.deny file. Few seconds
after I saved the file, all the previous entries I had removed were
logged back into /etc/hosts.deny.

Are there some services that monitor / update the file /etc/hosts.deny
periodically and that could cause to override my changes ?

Many thanks for your help
Antonin

4. hosts.deny and hosts.allow problem

Hi.  I'm having trouble setting up my hosts.allow and hosts.deny files.
 Basically I only want to be able to ssh in from one particular ip
address, e.g. xxx.xxx.xxx.xxx.

When my setup is:

# cat /etc/hosts.deny
ALL: ALL

# cat /etc/hosts.allow

I _cannot_ ssh in, as expected.



When it is:

# cat /etc/hosts.deny

# cat /etc/hosts.allow

I _can_ ssh in, as expected


But when it is:

# cat /etc/hosts.deny
ALL: ALL

# cat /etc/hosts.allow
sshd: xxx.xxx.xxx.xxx

I cannot ssh in....  I can't even get in when I do:

# cat /etc/hosts.allow
sshd: ALL

So it seems like hosts.deny works as I would anticipate, but
hosts.allow doesn't seem to be overruling hosts.deny.

Anyone have any clue?  This is Redhat 9

Thanks in advance....

Dan

5. help with hosts.allow -hosts.deny

Greetings,


I'm having a little trouble understanding how those files work. I have tried
looking at man hosts.allow, hosts.deny.

I saw that you needed to put       service:host

So I put in hosts.allow

sendmail:all
ftpd:all
httpd:all
sshd:all
vsftpd:all


in hosts.deny


all:all


So it denies all, except services put in allow, right?

There seems to be a flaw in my logic, maybe I am using the wrong names for
services? I'm running Red Hat 9. And am a bit new to the world of linux.

Thank you for any help possible,
Mikey





6. Xinetd & host.allow and host.deny

7. ssh, hosts.allow, hosts.deny, and dyndns names


