Bug 181781 - problem with HOSTS.DENY
Summary: problem with HOSTS.DENY
Alias: None
Product: Fedora
Classification: Fedora
Component: tcp_wrappers   
(Show other bugs)
Version: 4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Janousek
QA Contact: David Lawrence
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2006-02-16 15:36 UTC by ROCHE
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-04-10 19:40:59 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description ROCHE 2006-02-16 15:36:18 UTC
Description of problem:

I have this file for /etc/hosts.deny:
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

I have this file for /etc/hosts.allow (empty) :
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.

with # ps -aux |grep xinetd
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.5/FAQ
root      2232  0.0  0.2   2180   556 ?        Ss   16:04   0:00 xinetd
-stayalive -pidfile /var/run/xinetd.pid

with # /sbin/chkconfig --list
services basés sur xinetd :
        chargen:        arrêt
        chargen-udp:    arrêt
        cvs:            arrêt
        daytime:        arrêt
        daytime-udp:    arrêt
        echo:           arrêt
        echo-udp:       arrêt
        eklogin:        arrêt
        gssftp:         arrêt
        klogin:         arrêt
        krb5-telnet:    arrêt
        kshell:         arrêt
        ktalk:          arrêt
        rsync:          arrêt
        swat:           arrêt
        time:           arrêt
        time-udp:       arrêt

- On other computer I can access with SMB, HTTP, ....
- I Can not configure hosts.deny with spawn, ....

Version-Release number of selected component (if applicable):
# uname -r
# rpm -qa |grep tcp_wrappers

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Tomas Janousek 2007-01-17 12:12:50 UTC
Do I understand correctly that your problem is that you can't restrict HTTP &
SMB access using hosts.deny?

What is the word "spawn" supposed to mean in the second item of "PROBLEM" ?

Comment 2 Matthew Miller 2007-04-10 19:40:59 UTC
Fedora Core 4 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.

Note You need to log in before you can comment on or make changes to this bug.