Re: Squeeze, MySQL and hosts.allow and hosts.deny ignored
On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote:
(please, reply at the bottom)
> Dne 9.7.2012 16:52, Camaleón napsal(a):
>> On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:
>>
>> (...)
>>
>>> When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
>>> connect to MySQL from anywhere - settings in hosts.allow and
>>> hosts.deny are ignored.
>> (...)
>>
>> I wonder if you aren't just missing the daemon to filter (mysqld) :-?
>>
>> cat /etc/hosts.deny
> My hosts.deny
(...)
> ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &
(...)
> My hosts.allow
(...)
> sshd: 192.168.1.1 \
> : spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &
And you said this was working for the sshd service, right?
> I tested with mysqld: ALL in hosts.deny too.
Well, that should prevent connections coming from the same host (localhost)
unless you explicitely allow it from the hosts.allow, that has preference.
I don't know why does not work for you. Take a look into this article that
shows a few samples for using mysql with tcp wrappers:
http://www.unixmen.com/securing-services-with-tcp-wrappers/
And also read the manual ("man hosts_options"), maybe we are omitting
something obvious...
Greetings,
--
Camaleón
Reply to: