Red Hat Bugzilla – Bug 44832
nmap -O crashes system if linuxconf-web enabled
Last modified: 2007-03-26 23:45:46 EDT
Description of Problem:
If you use a common security notify script in hosts.allow/deny and enable linuxconf, it will crash
xinetd after filling syslog and generating numerous emails for only one port connection where it
should have only sent one email.
This was tested against the latest version of xinetd as supplied by Red Hat errata. This was tested
against the version of linuxconf as supplied for RH7.1 and against the official linuxconf release.
Configure network access in linuxconf (this really doesn't matter, you can declare the entire netblock
or a single IP)
Have the following scripts installed
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
ALL : 127.0.0.1
ALL : 192.168.1. EXCEPT 192.168.1.1
(modify for local IP's)
ALL : ALL: spawn (echo Probe from %h to %d at `date` | tee -a /var/log/tcpdeny.log |mail -s IDS_alert! root|beep )
(note this is a commonly available security script, not of my own invention, a Google search will show
roughly 78 pages/entries). I only added the beep program.
eg: redhat-digest Digest V00 #679 22 Jun 2000 17:18:10 -0000
"Date: Thu, 22 Jun 2000 12:03:36 -0400 (EDT)
From: "Michael J. McGillick" <email@example.com>
Subject: Re: ftp not working
Add the following line to your /etc/hosts.deny file:
ALL: ALL: spawn (echo "Access denied from %u@%h using %d." | mail root)
This will mail the root account on your machine to let you know if a
particular IP address tried to access one of the services on your machine,
and they weren't listed in /etc/hosts.allow. This should help you track
down if the problem is that you simply didn't add the machine you're
trying to ftp in from to hosts.allow, or if the problem is not related to
TCP wrappers, but something else.
Steps to Reproduce:
1. Follow all the steps above
2. Run nmap -O against the test machine
3. Watch the bad stuff happen
The system starts sending repeated email alerts even after nmap has finished, load average
jumped to 7, linuxconf terminates, xinetd loops on the error and fills up the syslog. I still
have to get the call trace that happened.
This security script normally generates 1 email for each connection, not 1294 (the number that I got
before I restarted xinetd).
Normally when I run nmap against this system I get 4 (total) messages for telnet, pop3, ftp and imap.
Xinetd is still not playing nice with linuxconf. While I understand that linuxconf is deprecated, it still
was released as part of RH7.1.
System misconfiguration - make sure to limit the rates at which you get mailed.
I think this is a mistake to close this bug report. Setting /etc/hosts.deny to
ALL : ALL
generates about a screenful of errors. While not as traumatic as the mailer, it
still indicates that this is a bug.
A single request from an invalid location, a single TCP connection generated
35 messages. For sure it is bogus. The whole point of this bug report is
not about receiving one mail (or whatever) per rejected connection, but
getting an enormous amount, for very few, ultimately confusing xinetd.
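
One way to apply the rate-limiting advice given in this report, as an added example (not code from the bug report or from Red Hat): a small wrapper that the spawn option calls instead of piping straight to mail. The script path, the state directory and the five-minute window are assumptions.

```shell
#!/bin/sh
# Added example: rate-limited alert hook for a tcp_wrappers spawn rule.
# Assumed hosts.deny entry (the script path is hypothetical):
#   ALL : ALL : spawn (/usr/local/sbin/tcpd-alert %h %d) &
STATE_DIR="${STATE_DIR:-/var/run/tcpd-alert}"  # one stamp file per client
LOG_FILE="${LOG_FILE:-/var/log/tcpdeny.log}"
WINDOW="${WINDOW:-300}"                        # assumed: one mail per 5 min
MAIL_CMD="${MAIL_CMD:-mail -s IDS_alert! root}"

# alert_probe HOST DAEMON [NOW]
# Logs every probe, mails at most once per WINDOW seconds per client.
# Returns 0 = mail sent, 1 = suppressed, 2 = rejected input or setup error.
alert_probe() {
    host=$1 daemon=$2 now=${3:-$(date +%s)}
    # %h and %d are influenced by the remote side: allow only hostname/address
    # characters, since host is also used as a file name below.
    case $host in ''|.*|*[!A-Za-z0-9.:_-]*) return 2 ;; esac
    case $daemon in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    case $now in ''|*[!0-9]*) return 2 ;; esac
    mkdir -p "$STATE_DIR" || return 2
    printf 'Probe from %s to %s at %s\n' "$host" "$daemon" "$now" >> "$LOG_FILE"

    stamp="$STATE_DIR/$host"
    last=0
    if [ -f "$stamp" ]; then read -r last < "$stamp" || last=0; fi
    case $last in ''|*[!0-9]*) last=0 ;; esac
    # Inside the window: the probe is logged above, but no mail goes out.
    if [ $((now - last)) -lt "$WINDOW" ]; then return 1; fi

    echo "$now" > "$stamp"
    printf 'Probe from %s to %s\n' "$host" "$daemon" | $MAIL_CMD
    return 0
}

# When run as the spawn target, the arguments are the expanded %h and %d.
if [ $# -ge 2 ]; then alert_probe "$1" "$2"; fi
```

This bounds mail volume only; the stamp check is not atomic across concurrent spawns, and it does not address the repeated xinetd messages reported above.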