Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored

To: debian-user@lists.debian.org
Subject: Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored
From: Zdenek Herman <zdenek.herman@ille.cz>
Date: Mon, 09 Jul 2012 20:11:10 +0200
Message-id: <[🔎] 4FFB1EBE.70603@ille.cz>
In-reply-to: <[🔎] jter7u$sc9$12@dough.gmane.org>
References: <[🔎] 4FF9ECE3.2000805@ille.cz> <[🔎] jter7u$sc9$12@dough.gmane.org>

My hosts.deny

# /etc/hosts.deny: list of hosts that are _not_ allowed to access thesystem.# See the manual pages hosts_access(5) andhosts_options(5).

#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from%u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &


My hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.

# See the manual pages hosts_access(5) andhosts_options(5).

#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
sshd: 192.168.1.1 \

: spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h[%a] >> /var/log/tcp_wrapper/%d.log ) &




I tested with mysqld: ALL in hosts.deny too.

Thanks for help

Zdenek Herman
zdenek.herman@ille.cz

Dne 9.7.2012 16:52, Camaleón napsal(a):

On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:

(...)

When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
connect to MySQL from anywhere - settings in hosts.allow and hosts.deny
are ignored.

(...)

I wonder if you aren't just missing the daemon to filter (mysqld) :-?

cat /etc/hosts.deny

Greetings,

Reply to:

Follow-Ups:
- Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored
  - From: Kushal Kumaran <kushal.kumaran+debian@gmail.com>
- Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored
  - From: Camaleón <noelamac@gmail.com>

References:
- Squeeze, MySQL and hosts.allow and hosts.deny ignored
  - From: Zdenek Herman <zdenek.herman@ille.cz>
- Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: Installing a new HDD and mounting others
Next by Date: [OT] uvesafb + sound hiccup
Previous by thread: Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored
Next by thread: Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored
Index(es):
- Date
- Thread