Originally Posted by satimis:
What will be the result if entering "ALL:ALL" on hosts.deny?
It would deny access to all services for all hosts. If you wanted to be able to block everyone, yet still allow yourself in, you would need to create an exception or add yourself to hosts.allow.
Here's a sample config I use on my RHEL server at work:
Code:
[root@hip ~]# cat /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd: 127.0.0.1
# Domain
sshd: .my.work.domain.com
# Firewall
sshd: ccc.ddd.244.114
# Vendor Tech Support IPs
sshd: xxx.yyy.247.106, aaa.bbb.158.10
# DBott from home
sshd: *.my.isp.com
Code:
[root@hip ~]# cat /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd:ALL EXCEPT localhost \
: spawn /bin/echo `/bin/date` access denied for %a %h>>/var/log/sshd.log
Before changing the hosts.allow and hosts.deny, my log file was filled with brute force attempts to SSH in. Since enabling this, this is what my log file looks like now:
Code:
Fri Aug 10 08:47:17 EDT 2007 access denied for ::ffff:64.76.204.99 mail.intervida.org.pe
Fri Aug 10 09:02:13 EDT 2007 access denied for ::ffff:64.76.204.99 mail.intervida.org.pe
Fri Aug 10 09:20:09 EDT 2007 access denied for ::ffff:64.76.204.99 mail.intervida.org.pe
Fri Aug 10 09:30:11 EDT 2007 access denied for ::ffff:64.76.204.99 mail.intervida.org.pe
Fri Aug 10 17:14:41 EDT 2007 access denied for ::ffff:218.55.193.136 ::ffff:218.55.193.136
Sat Aug 11 17:30:57 EDT 2007 access denied for ::ffff:131.104.48.173 potter.cis.uoguelph.ca
Sat Aug 11 17:38:34 EDT 2007 access denied for ::ffff:131.104.48.173 potter.cis.uoguelph.ca
Sat Aug 11 22:31:09 EDT 2007 access denied for ::ffff:24.158.163.108 24-158-163-108.dhcp.jcsn.tn.charter.com
Sat Aug 11 22:31:37 EDT 2007 access denied for ::ffff:24.158.163.108 24-158-163-108.dhcp.jcsn.tn.charter.com
Sun Aug 12 04:22:18 EDT 2007 access denied for ::ffff:222.73.231.121 ::ffff:222.73.231.121
Sun Aug 12 04:27:15 EDT 2007 access denied for ::ffff:222.73.231.121 ::ffff:222.73.231.121
Mon Aug 13 05:03:30 EDT 2007 access denied for ::ffff:222.90.234.68 ::ffff:222.90.234.68
Mon Aug 13 16:44:44 EDT 2007 access denied for ::ffff:218.95.228.152 ::ffff:218.95.228.152
Mon Aug 13 17:04:35 EDT 2007 access denied for ::ffff:218.95.228.152 ::ffff:218.95.228.152
Tue Aug 14 06:21:26 EDT 2007 access denied for ::ffff:222.73.104.213 ::ffff:222.73.104.213
Tue Aug 14 08:42:44 EDT 2007 access denied for ::ffff:222.135.144.23 ::ffff:222.135.144.23
Tue Aug 14 09:48:43 EDT 2007 access denied for ::ffff:222.135.144.23 ::ffff:222.135.144.23
Tue Aug 14 13:02:49 EDT 2007 access denied for ::ffff:59.106.14.41 ::ffff:59.106.14.41
Tue Aug 14 13:13:26 EDT 2007 access denied for ::ffff:59.106.14.41 ::ffff:59.106.14.41
Tue Aug 14 13:39:13 EDT 2007 access denied for ::ffff:61.146.178.13 ::ffff:61.146.178.13
Tue Aug 14 18:31:25 EDT 2007 access denied for ::ffff:222.168.102.67 ::ffff:222.168.102.67
Tue Aug 14 23:00:02 EDT 2007 access denied for ::ffff:82.103.65.2 server.transcapital.bg
Wed Aug 15 13:50:51 EDT 2007 access denied for ::ffff:71.231.123.145 c-71-231-123-145.hsd1.wa.comcast.net
Wed Aug 15 13:59:22 EDT 2007 access denied for ::ffff:71.231.123.145 c-71-231-123-145.hsd1.wa.comcast.net
Wed Aug 15 17:30:52 EDT 2007 access denied for ::ffff:158.75.59.5 opty.xlo.torun.pl
Thu Aug 16 01:06:42 EDT 2007 access denied for ::ffff:222.171.127.162 ::ffff:222.171.127.162
Thu Aug 16 01:09:32 EDT 2007 access denied for ::ffff:222.171.127.162 ::ffff:222.171.127.162
Fri Aug 17 10:54:09 EDT 2007 access denied for ::ffff:211.93.0.213 ::ffff:211.93.0.213
Fri Aug 17 20:14:06 EDT 2007 access denied for ::ffff:202.201.241.243 ::ffff:202.201.241.243
Fri Aug 17 20:16:08 EDT 2007 access denied for ::ffff:202.201.241.243 ::ffff:202.201.241.243
Sat Aug 18 16:29:54 EDT 2007 access denied for ::ffff:202.123.27.159 ::ffff:202.123.27.159
Sat Aug 18 16:55:23 EDT 2007 access denied for ::ffff:202.123.27.159 ::ffff:202.123.27.159
Sun Aug 19 02:00:45 EDT 2007 access denied for ::ffff:211.200.44.249 ::ffff:211.200.44.249
Sun Aug 19 02:06:02 EDT 2007 access denied for ::ffff:211.200.44.249 ::ffff:211.200.44.249
Mon Aug 20 01:37:49 EDT 2007 access denied for ::ffff:211.78.3.69 dns.dotking.com.tw
Mon Aug 20 02:12:07 EDT 2007 access denied for ::ffff:211.78.3.69 dns.dotking.com.tw
Tue Aug 21 01:15:08 EDT 2007 access denied for ::ffff:58.47.168.236 ::ffff:58.47.168.236
Tue Aug 21 01:17:43 EDT 2007 access denied for ::ffff:58.47.168.236 ::ffff:58.47.168.236
Tue Aug 21 03:32:58 EDT 2007 access denied for ::ffff:60.28.23.21 ::ffff:60.28.23.21
Wed Aug 22 06:15:38 EDT 2007 access denied for ::ffff:202.107.245.4 ::ffff:202.107.245.4
Wed Aug 22 06:49:04 EDT 2007 access denied for ::ffff:202.107.245.4 ::ffff:202.107.245.4
Thu Aug 23 03:16:31 EDT 2007 access denied for ::ffff:200.7.97.194 mail.uniqueyacht.com
Thu Aug 23 03:17:53 EDT 2007 access denied for ::ffff:200.7.97.194 ::ffff:200.7.97.194
Thu Aug 23 15:41:22 EDT 2007 access denied for ::ffff:200.205.221.114 ::ffff:200.205.221.114
Thu Aug 23 15:45:26 EDT 2007 access denied for ::ffff:200.205.221.114 ::ffff:200.205.221.114
Fri Aug 24 14:12:53 EDT 2007 access denied for ::ffff:222.122.26.60 ::ffff:222.122.26.60
-Dave
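The evaluation order behind the answer above, as an added example (not part of the original post and not tcpd's own code): a simplified Python model of the hosts_access(5) rules used in these files. The sample files, addresses and domains are constructed, and only IPv4 and hostname patterns are handled.

```python
import re
from fnmatch import fnmatchcase

def parse(text):
    """Return (daemon_tokens, client_tokens) per rule; IPv4/hostname rules only."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.strip()
        if ":" in line and not line.startswith("#"):
            daemons, clients = line.split(":")[:2]  # a third field is the shell command
            rules.append(tuple(re.split(r"[,\s]+", f.strip()) for f in (daemons, clients)))
    return rules

def list_match(tokens, test):
    """'list_1 EXCEPT list_2' matches when list_1 matches and list_2 does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_match(tokens[:i], test) and not list_match(tokens[i + 1:], test)
    return any(test(t) for t in tokens)

def client_test(name, addr):
    def test(pat):
        if pat == "ALL":
            return True
        if pat.startswith("."):                      # .domain: hostname suffix
            return name.lower().endswith(pat.lower())
        if pat.endswith("."):                        # 192.0.2.: address prefix
            return addr.startswith(pat)
        return fnmatchcase(name.lower(), pat.lower()) or fnmatchcase(addr, pat)
    return test

def decide(allow, deny, daemon, name, addr):
    """hosts.allow is searched first, then hosts.deny; no match anywhere grants access."""
    for verdict, text in (("allow", allow), ("deny", deny)):
        for daemons, clients in parse(text):
            if list_match(daemons, lambda p: p in ("ALL", daemon)) and \
               list_match(clients, client_test(name, addr)):
                return verdict
    return "allow"

# Constructed sample files mirroring the layout above (documentation addresses/domains).
ALLOW = "sshd: 127.0.0.1\nsshd: .corp.example.com\nsshd: 192.0.2.10, 192.0.2.20\nsshd: *.isp.example.net\n"
DENY = "sshd: ALL EXCEPT localhost \\\n : spawn /bin/echo denied %a\n"

if __name__ == "__main__":
    for daemon, name, addr in [("sshd", "host7.corp.example.com", "198.51.100.7"),
                               ("sshd", "203.0.113.99", "203.0.113.99"),
                               ("vsftpd", "203.0.113.99", "203.0.113.99")]:
        print(daemon, name, decide(ALLOW, DENY, daemon, name, addr))
    print("ALL:ALL, empty hosts.allow:", decide("", "ALL: ALL", "sshd", "localhost", "127.0.0.1"))
```

The third case shows that a deny rule naming only sshd leaves other wrapped daemons reachable, whereas ALL: ALL in hosts.deny covers every service not granted by hosts.allow.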