You are not logged in.
- Topics: Active | Unanswered
#1 2010-02-20 16:52:53
- xnovako2
- Member
- Registered: 2010-02-20
- Posts: 2
hosts.allow option spawn parameter not work
Hi,
I would like to use BlockHosts and spawn it with spawn keyword from hosts:allow, but option parameter does nothing for me.
I tried several configurations with different sshd entries and results are below
hosts.deny:
ALL:ALL:DENY
With hosts.allow:
sshd:ALL
I can connect to sshd.
With hosts.allow:
sshd:ALL:DENY
I can still connect to sshd. But I do not know why.
With hosts.allow:
sshd:ALL:spawn (echo "some tries to log" >> /var/tmp/sshd.tmp)
I can connect but nothing is written to temporary log file.
With empty hosts:allow I cannot connect to sshd.
I cannot find any clue, from man entry everything seems clear, but it does not work as it is written in doc.
Thanks,
Ondra
Last edited by xnovako2 (2010-02-20 16:53:23)
Offline
#2 2010-02-20 18:24:06
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: hosts.allow option spawn parameter not work
the Access files are read in order of /etc/hosts.allow, and /etc/hosts.deny
by default, /etc/hosts.deny contains ALL:ALL:DENY, only the first two are important, then third DENY is the placeholder for shell scripts, only the first two are considered, so ALL:ALL means that all daemons for all connections will not be allowed access, you can specifically add a specific service like sshd using sshd:ALL in /etc/hosts.allow to allow access.
sshd:ALL:DENY, the DENY part is the place where you should put the location of your shell script (absolute path), writing DENY will not deny it access
http://linux.die.net/man/5/hosts.allow
use the above link for a complete help on this.
Offline
#3 2010-02-20 18:32:29
- xnovako2
- Member
- Registered: 2010-02-20
- Posts: 2
Re: hosts.allow option spawn parameter not work
I'm sorry I read probably old version of man pages about tcp_wrapper 
Thanks for your post.
It works as you wrote.
Offline