Bug 178813

Summary: Logging via syslog for allow entries fails
Product: Red Hat Enterprise Linux 4 Reporter: John Horne <john.horne>
Component: tcp_wrappersAssignee: Tomas Janousek <tjanouse>
Status: CLOSED NOTABUG QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: tjanouse
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-01-23 09:29:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Horne 2006-01-24 15:31:04 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
In /etc/hosts.allow I have:

   sshd : 141.163. : severity daemon.warning : ALLOW

In /etc/syslog.conf I have:

   daemon.notice                /var/log/daemon

Accessing ssh from within 141.163 does not get the connection attempt logged by TCP wrappers. I have tried this with the exim MTA too and the same happens (nothing logged). Any 'deny' configuration seems to get the attempt logged correctly, it is just the 'allow' ones that don't seem to get logged.

The same problem occurs on Fedora Core 4 as well.



John.

Version-Release number of selected component (if applicable):
tcp_wrappers-7.6-37.2

How reproducible:
Always

Steps to Reproduce:
1. Configure /etc/hosts.allow with an 'allow' entry as above.
2. Configure /etc/syslog.conf to log the relevant priority to a file (and restart syslogd).
3. Attempt to connect to the server from the given IP range.
  

Actual Results:  Nothing gets logged in the configured log file (or any other log file that I can see).

Expected Results:  An entry should get logged to the log file saying that a user has been given access by the TCP daemon.

Additional info:

Other rpm versions involved:

openssh-server-3.9p1-8.RHEL4.9
setup-2.5.37-1.3
Comment 1 Tomas Janousek 2007-01-17 12:46:51 UTC 
The tcp_wrappers do no logging at all. It's up to the individual services to log
things.
Comment 3 John Horne 2007-01-22 17:53:52 UTC 
Yes, it seems so. I have looked at this again this afternoon. Using 'severity'
in the hosts.allow file generally seems to be ignored. Sshd will log users
allowed to connect, but using the facility/severity specified in the
/etc/ssh/sshd_config file. Exim doesn't seem to log allowed connections at all,
despite allowing connections to be controlled by tcp_wrappers.

I'm sorry to have wasted your time over this. I shall close the call.

John.

-- Hmm, well I tried to close the call. I kept getting an error saying that only
the owner or submitter of the bug can close the call. I am the submitter, am
logged in to bugzilla, but it isn't letting me close it. Someone else will have
to do that. Sorry.