[TriLUG] hosts.deny problem

WA Brown brownwa at ftc-i.net
Wed Mar 8 22:24:27 EST 2006 

I am still having a problem. I am listing what my hosts deny file has and 
the report. It only blocked one site. Can you tell me what I have wrong?

WA Brown

My hosts.deny file.
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!



     # protocol: IP address or wildcard
        #  smtp: 216.27.9.180
        #  sshd: 70.85.111.114
        #  ALL: .trilug.org

            ALL: 61.134.32.*
            All: 211.171.*.*
            All: 61.220.*.*
            All: 212.71.*.*
            All: 213.179.*.*
            All: 81.25.*.*
            All: 216.180.225.162
            All: 219.107.*.*
            All: 68.3.31.253
            All: 66.228.*.*
            All: 24.162.142.170
            All: 217.174.*.*
            All: 66.70.*.*
            All: 125.248.*.*
            All: 210.241.*.*
            All: 159.169.*.*
            All: 216.228.*.*
            All: 23.13.158.72
            All: 125.*.*.*
            All: 66.235.*.*
            All: 61.31.*.*
            All: 217.37.72.233





My Report
--------------------- pam_unix Begin ------------------------ 

sshd:
  Authentication Failures:
     root (c66-235-35-101.sea2.cablespeed.com): 524 Time(s)
     root (125.244.53.194): 15 Time(s)
     root (host217-37-72-233.in-addr.btopenworld.com): 3 Time(s)
     fax (www.idlsystems.idlsystems.com): 1 Time(s)
     root (kato.ps): 1 Time(s)

su:
  Sessions Opened:
     (uid=0) -> news: 2 Time(s)
     wab(uid=500) -> root: 1 Time(s)

vsftpd:
  Unknown Entries:
     authentication failure; logname= uid=0 euid=0 tty= ruser= 
rhost=219.81.19.30 : 2253 Time(s)
     check pass; user unknown: 2253 Time(s)


---------------------- pam_unix End ------------------------- 


--------------------- sendmail Begin ------------------------ 



Bytes Transferred: 38456
Messages Sent:     4
Total recipients:  4
**Unmatched Entries**
  /etc/hosts.deny, line 13: missing ":" separator: 2 Time(s)
  SYSERR(root): hash map "Alias0": unsafe map file /etc/aliases.db: 
Permission denied: 1 Time(s)
  SYSERR(root): Cannot create database for alias file /etc/aliases: 1 
Time(s)

---------------------- sendmail End ------------------------- 


--------------------- SSHD Begin ------------------------ 


SSHD Started: 1 Time(s)

Failed logins from these:
  fax/password from 66.70.212.220: 2 Time(s)
  root/password from 125.244.53.194: 15 Time(s)
  root/password from 217.37.72.233: 3 Time(s)
  root/password from 61.31.201.116: 1 Time(s)
  root/password from 66.235.35.101: 524 Time(s)

Illegal users from these:
  admin/none from 66.70.212.220: 3 Time(s)
  admin/none from unknown: 3 Time(s)
  andy/none from 66.70.212.220: 1 Time(s)
  andy/none from unknown: 1 Time(s)
  bob/none from 66.70.212.220: 1 Time(s)
  bob/none from unknown: 1 Time(s)
  cisco/none from 66.70.212.220: 1 Time(s)
  cisco/none from unknown: 1 Time(s)
  contact/none from 66.70.212.220: 1 Time(s)
  contact/none from unknown: 1 Time(s)
  cvsroot/none from 66.70.212.220: 1 Time(s)
  cvsroot/none from unknown: 1 Time(s)
  dell/none from 66.70.212.220: 1 Time(s)
  dell/none from unknown: 1 Time(s)
  gnats/none from 66.70.212.220: 1 Time(s)
  gnats/none from unknown: 1 Time(s)
  hosting/none from 66.70.212.220: 1 Time(s)
  hosting/none from unknown: 1 Time(s)
  httpd/none from 66.70.212.220: 1 Time(s)
  httpd/none from unknown: 1 Time(s)
  jabber/none from 66.70.212.220: 1 Time(s)
  jabber/none from unknown: 1 Time(s)
  jason/none from 66.70.212.220: 1 Time(s)
  jason/none from unknown: 1 Time(s)
  joel/none from 66.70.212.220: 1 Time(s)
  joel/none from unknown: 1 Time(s)
  joseph/none from 66.70.212.220: 1 Time(s)
  joseph/none from unknown: 1 Time(s)
  justin/none from 66.70.212.220: 1 Time(s)
  justin/none from unknown: 1 Time(s)
  ken/none from 66.70.212.220: 1 Time(s)
  ken/none from unknown: 1 Time(s)
  kim/none from 66.70.212.220: 1 Time(s)
  kim/none from unknown: 1 Time(s)
  list/none from 66.70.212.220: 1 Time(s)
  list/none from unknown: 1 Time(s)
  marco/none from 66.70.212.220: 1 Time(s)
  marco/none from unknown: 1 Time(s)
  movies/none from 66.70.212.220: 2 Time(s)
  movies/none from unknown: 2 Time(s)
  music/none from 66.70.212.220: 1 Time(s)
  music/none from unknown: 1 Time(s)
  newsletter/none from 66.70.212.220: 1 Time(s)
  newsletter/none from unknown: 1 Time(s)
  nicole/none from 66.70.212.220: 1 Time(s)
  nicole/none from unknown: 1 Time(s)
  oracle/none from 66.70.212.220: 1 Time(s)
  oracle/none from unknown: 1 Time(s)
  peter/none from 66.70.212.220: 1 Time(s)
  peter/none from unknown: 1 Time(s)
  pgsql/none from 66.70.212.220: 1 Time(s)
  pgsql/none from unknown: 1 Time(s)
  pictures/none from 66.70.212.220: 2 Time(s)
  pictures/none from unknown: 2 Time(s)
  portal/none from 66.70.212.220: 1 Time(s)
  portal/none from unknown: 1 Time(s)
  ricardo/none from 66.70.212.220: 1 Time(s)
  ricardo/none from unknown: 1 Time(s)
  sales/none from 66.70.212.220: 1 Time(s)
  sales/none from unknown: 1 Time(s)
  sites/none from 66.70.212.220: 1 Time(s)
  sites/none from unknown: 1 Time(s)
  soft/none from 66.70.212.220: 1 Time(s)
  soft/none from unknown: 1 Time(s)
  software/none from 66.70.212.220: 1 Time(s)
  software/none from unknown: 1 Time(s)
  sourceforge/none from 66.70.212.220: 1 Time(s)
  sourceforge/none from unknown: 1 Time(s)
  spam/none from 66.70.212.220: 3 Time(s)
  spam/none from unknown: 3 Time(s)
  stats/none from 66.70.212.220: 1 Time(s)
  stats/none from unknown: 1 Time(s)
  steve/none from 66.70.212.220: 1 Time(s)
  steve/none from unknown: 1 Time(s)
  store/none from 66.70.212.220: 1 Time(s)
  store/none from unknown: 1 Time(s)
  support/none from 66.70.212.220: 1 Time(s)
  support/none from unknown: 1 Time(s)
  tech/none from 66.70.212.220: 2 Time(s)
  tech/none from unknown: 2 Time(s)
  test/none from 66.70.212.220: 4 Time(s)
  test/none from unknown: 4 Time(s)
  test1/none from 66.70.212.220: 4 Time(s)
  test1/none from unknown: 4 Time(s)
  test1234/none from 66.70.212.220: 1 Time(s)
  test1234/none from unknown: 1 Time(s)
  tester/none from 66.70.212.220: 1 Time(s)
  tester/none from unknown: 1 Time(s)
  testing/none from 66.70.212.220: 3 Time(s)
  testing/none from unknown: 3 Time(s)
  testuser/none from 66.70.212.220: 1 Time(s)
  testuser/none from unknown: 1 Time(s)
  tv/none from 66.70.212.220: 2 Time(s)
  tv/none from unknown: 2 Time(s)
  upload/none from 66.70.212.220: 2 Time(s)
  upload/none from unknown: 2 Time(s)
  uploader/none from 66.70.212.220: 6 Time(s)
  uploader/none from unknown: 6 Time(s)
  uploader1/none from 66.70.212.220: 1 Time(s)
  uploader1/none from unknown: 1 Time(s)
  user2/none from 66.70.212.220: 1 Time(s)
  user2/none from unknown: 1 Time(s)
  webadmin/none from 66.70.212.220: 1 Time(s)
  webadmin/none from unknown: 1 Time(s)
  websites/none from 66.70.212.220: 2 Time(s)
  websites/none from unknown: 2 Time(s)

Users logging in through sshd:
  wab:
     216.218.108.208: 2 times

Refused incoming connections:
     61.134.32.18 (61.134.32.18): 1 Time(s)

**Unmatched Entries**
warning: /etc/hosts.deny, line 13: missing ":" separator
warning: /etc/hosts.deny, line 13: missing ":" separator

---------------------- SSHD End -------------------------

More information about the TriLUG mailing list