Bug 178813 - Logging via syslog for allow entries fails
Logging via syslog for allow entries fails
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: tcp_wrappers (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Janousek
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-24 10:31 EST by John Horne
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-23 04:29:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Horne 2006-01-24 10:31:04 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
In /etc/hosts.allow I have:

   sshd : 141.163. : severity daemon.warning : ALLOW

In /etc/syslog.conf I have:

   daemon.notice                /var/log/daemon

Accessing ssh from within 141.163 does not get the connection attempt logged by TCP wrappers. I have tried this with the exim MTA too and the same happens (nothing logged). Any 'deny' configuration seems to get the attempt logged correctly, it is just the 'allow' ones that don't seem to get logged.

The same problem occurs on Fedora Core 4 as well.



John.

Version-Release number of selected component (if applicable):
tcp_wrappers-7.6-37.2

How reproducible:
Always

Steps to Reproduce:
1. Configure /etc/hosts.allow with an 'allow' entry as above.
2. Configure /etc/syslog.conf to log the relevant priority to a file (and restart syslogd).
3. Attempt to connect to the server from the given IP range.
  

Actual Results:  Nothing gets logged in the configured log file (or any other log file that I can see).

Expected Results:  An entry should get logged to the log file saying that a user has been given access by the TCP daemon.

Additional info:

Other rpm versions involved:

openssh-server-3.9p1-8.RHEL4.9
setup-2.5.37-1.3
Comment 1 Tomas Janousek 2007-01-17 07:46:51 EST
The tcp_wrappers do no logging at all. It's up to the individual services to log
things.
Comment 3 John Horne 2007-01-22 12:53:52 EST
Yes, it seems so. I have looked at this again this afternoon. Using 'severity'
in the hosts.allow file generally seems to be ignored. Sshd will log users
allowed to connect, but using the facility/severity specified in the
/etc/ssh/sshd_config file. Exim doesn't seem to log allowed connections at all,
despite allowing connections to be controlled by tcp_wrappers.

I'm sorry to have wasted your time over this. I shall close the call.

John.

-- Hmm, well I tried to close the call. I kept getting an error saying that only
the owner or submitter of the bug can close the call. I am the submitter, am
logged in to bugzilla, but it isn't letting me close it. Someone else will have
to do that. Sorry.

Note You need to log in before you can comment on or make changes to this bug.