Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [hosts.deny]

tcp_wrappers provides support for controlling access to tcp services normally specified by the hosts.allow and hosts.deny files. This may be done using tcpd, a wrapper service, or by linking the service providing daemon code to the libwrap library.

Original version of TCP Wrapper written by Wietse Venema

The tag name is hosts.deny, this should probably actually be tcp_wrappers (normal name of installed package) with synonyms of hosts.deny, hosts.allow, tcpd and libwrap.

16 questions
6
votes
4 answers

How to delete ip address from denyhosts

I was experimenting with denyhosts from my home computer and now it has blocked my ip address and put in /etc/hosts.deny. Now my ip is not static and it chnages every week so i cna have fixed ip in hosts.allow. I tried manually deleting that ip from…
John
4
votes
2 answers

What exactly is handling hosts.allow and hosts.deny?

On a Linux machine, there is hosts.allow and hosts.deny to either allow or deny certain hosts to access services running on the machine. The question is, what exactly is taking care of allowing or refusing those connections? Is there a daemon doing…
Weboide
  • 3,275
  • 1
  • 23
  • 32
3
votes
0 answers

hosts.allow, hosts.deny : One rule per service?

In quite a few places (some old, some recent) it's stated that the tcp-wrappers configuration files /etc/hosts.allow, /etc/hosts.deny allow only one rule per service. This looks wrong to me, I write many sshd: lines in my…
leonbloy
  • 2,028
  • 17
  • 23
3
votes
4 answers

/etc/hosts.deny ignored in Ubuntu 14.04

I have Apache2 running on Ubuntu 14.04LTS. To begin securing network access to the machine, I want to start by blocking everything, then make specific allow statements for specific subnets to browse to sites hosted in Apache. The Ubuntu Server is…
Matt
  • 31
  • 1
  • 2
2
votes
5 answers

Ubuntu Apache IP based access restriction

My server has been infiltrated by an outsider using my root user qualifications. With the root password changed, I'm trying to find extra strategies for securing the server. Using the /etc/hosts.allow and /etc/hosts.deny seems like a viable solution…
sisko
  • 155
  • 1
  • 8
2
votes
1 answer

ssh DenyUsers - not working with my RHEL6 setup

I want to deny access to a single user (test1 ) from ip - 192.168.122.16. So this is what I have added the following line in /etc/ssh/sshd_config DenyUsers test1@192.168.122.16 Then have restarted sshd after making changes to the sshd_config. But…
linxsaga
  • 41
  • 1
  • 5
1
vote
1 answer

using twist in hosts.allow

At the end of my hosts.allow I have the following: ALL : ALL \ : spawn (echo "%d" | /usr/bin/mail -s "tcpf\: %d attempt from %h." root) & \ : severity auth.info \ : twist /bin/echo "You are not welcome to use %d from %h."` But this appears to…
lbutlr
  • 113
  • 6
1
vote
2 answers

What services does hosts.allow NOT affect?

I know that hosts.allow and host.deny only affect things that are tcpwrappered, but what does this mean in practice? It seems that most people use hosts.allow to handle ssh and nfs blocking, but what other services are typically handled there? And…
Jed Daniels
  • 7,172
  • 2
  • 33
  • 41
1
vote
2 answers

Linux: hosts.allow, hosts.deny - how do I allow all except hosts mentioned in hosts.deny

How do I configure hosts.allow and hosts.deny to allow all connections from all hosts except for some hosts/ports specified in hosts.deny? This is what I have now in these files: hosts.allow: ALL:ALL hosts.deny: somehost:someport I want to allow…
user58292
0
votes
1 answer

ssh_exchange_identification - deny.hosts blocking ssh access due to my IP changing

Today my IP address changed. Due to this my ubuntu server has locked me out. When I try to access the server via SSH, I am presented with the follow error: ssh_exchange_identification: read: Connection reset by peer I presume this is down to my new…
richelliot
  • 127
  • 6
0
votes
1 answer

hosts.deny line too long or too big file?

I have about 50k ip addresses denied in the hosts.deny file, generated by a script with 7 addresses per line max and get this error: warning: /etc/hosts.deny, line 4429: missing newline or line too long Line 4429 is the one in the middle here: ALL:…
Daniel W.
  • 1,439
  • 4
  • 23
  • 46
0
votes
1 answer

Can /etc/hosts.deny/allow be overridden?

I have security measures put in place to keep unwanted users out of my server. I've changed the SSH port, disabled root login, have a software firewall to block portscans, and have entries in hosts.deny and hosts.allow. I have various services…
Tar
  • 265
  • 4
  • 11
0
votes
1 answer

How to disable yandex in tomcat?

Yandex.ru spiders are known of disobeying robots.txt. In Apache, you can disable yandex in htaccess file. How can I do the same thing with Tomcat? I'm using ubuntu server, so I thoght about appropriate entries in hosts.deny, but I'm not sure if ALL:…
vinga
  • 101
  • 2
0
votes
2 answers

How would you block a specific user from a specific IP and a specific port?

Just curious here, no real use case... The answer is probably /etc/hosts.deny but asking in case there are other way to do
thomasb
  • 103
  • 3
0
votes
3 answers

How to allow a hostname reverse DNS in hosts.deny

I wish to BLOCK all sshd connection BUT one dynamic IP assigned to a .ddns.net so I've put this in /etc/hosts.deny: sshd: ALL EXCEPT .ddns.net This does not allow me to connect to SSH. Instead, if I place the IP resolved (a…
CrazyRabbit
  • 119
  • 1
  • 7
1
2