From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7 Description of problem: In /etc/hosts.allow I have: sshd : 141.163. : severity daemon.warning : ALLOW In /etc/syslog.conf I have: daemon.notice /var/log/daemon Accessing ssh from within 141.163 does not get the connection attempt logged by TCP wrappers. I have tried this with the exim MTA too and the same happens (nothing logged). Any 'deny' configuration seems to get the attempt logged correctly, it is just the 'allow' ones that don't seem to get logged. The same problem occurs on Fedora Core 4 as well. John. Version-Release number of selected component (if applicable): tcp_wrappers-7.6-37.2 How reproducible: Always Steps to Reproduce: 1. Configure /etc/hosts.allow with an 'allow' entry as above. 2. Configure /etc/syslog.conf to log the relevant priority to a file (and restart syslogd). 3. Attempt to connect to the server from the given IP range. Actual Results: Nothing gets logged in the configured log file (or any other log file that I can see). Expected Results: An entry should get logged to the log file saying that a user has been given access by the TCP daemon. Additional info: Other rpm versions involved: openssh-server-3.9p1-8.RHEL4.9 setup-2.5.37-1.3
The tcp_wrappers do no logging at all. It's up to the individual services to log things.
Yes, it seems so. I have looked at this again this afternoon. Using 'severity' in the hosts.allow file generally seems to be ignored. Sshd will log users allowed to connect, but using the facility/severity specified in the /etc/ssh/sshd_config file. Exim doesn't seem to log allowed connections at all, despite allowing connections to be controlled by tcp_wrappers. I'm sorry to have wasted your time over this. I shall close the call. John. -- Hmm, well I tried to close the call. I kept getting an error saying that only the owner or submitter of the bug can close the call. I am the submitter, am logged in to bugzilla, but it isn't letting me close it. Someone else will have to do that. Sorry.