178813 – Logging via syslog for allow entries fails

Bug 178813 - Logging via syslog for allow entries fails

Summary: Logging via syslog for allow entries fails

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	tcp_wrappers
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Tomas Janousek
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-01-24 15:31 UTC by John Horne
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-01-23 09:29:22 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description John Horne 2006-01-24 15:31:04 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
In /etc/hosts.allow I have:

   sshd : 141.163. : severity daemon.warning : ALLOW

In /etc/syslog.conf I have:

   daemon.notice                /var/log/daemon

Accessing ssh from within 141.163 does not get the connection attempt logged by TCP wrappers. I have tried this with the exim MTA too and the same happens (nothing logged). Any 'deny' configuration seems to get the attempt logged correctly, it is just the 'allow' ones that don't seem to get logged.

The same problem occurs on Fedora Core 4 as well.



John.

Version-Release number of selected component (if applicable):
tcp_wrappers-7.6-37.2

How reproducible:
Always

Steps to Reproduce:
1. Configure /etc/hosts.allow with an 'allow' entry as above.
2. Configure /etc/syslog.conf to log the relevant priority to a file (and restart syslogd).
3. Attempt to connect to the server from the given IP range.
  

Actual Results:  Nothing gets logged in the configured log file (or any other log file that I can see).

Expected Results:  An entry should get logged to the log file saying that a user has been given access by the TCP daemon.

Additional info:

Other rpm versions involved:

openssh-server-3.9p1-8.RHEL4.9
setup-2.5.37-1.3

Comment 1 Tomas Janousek 2007-01-17 12:46:51 UTC

The tcp_wrappers do no logging at all. It's up to the individual services to log
things.

Comment 3 John Horne 2007-01-22 17:53:52 UTC

Yes, it seems so. I have looked at this again this afternoon. Using 'severity'
in the hosts.allow file generally seems to be ignored. Sshd will log users
allowed to connect, but using the facility/severity specified in the
/etc/ssh/sshd_config file. Exim doesn't seem to log allowed connections at all,
despite allowing connections to be controlled by tcp_wrappers.

I'm sorry to have wasted your time over this. I shall close the call.

John.

-- Hmm, well I tried to close the call. I kept getting an error saying that only
the owner or submitter of the bug can close the call. I am the submitter, am
logged in to bugzilla, but it isn't letting me close it. Someone else will have
to do that. Sorry.

Note You need to log in before you can comment on or make changes to this bug.