[TriLUG] hosts.deny problem FIXED!!!!!
WA Brown
brownwa at ftc-i.net
Wed Mar 8 23:41:08 EST 2006
I think I found the problem!! Whhohhooo!!!! The report said the top one in
the list was refused but not the rest. the top one is ALL CAPS! I missed
that!! I think that will fix the problem!!!
WA Brown
> # The portmap line is redundant, but it is left to remind you that
> # the new secure portmap uses hosts.deny and hosts.allow. In particular
> # you should know that NFS uses portmap!
>
>
>
> # protocol: IP address or wildcard
> # smtp: 216.27.9.180
> # sshd: 70.85.111.114
> # ALL: .trilug.org
>
> ALL: 61.134.32.*
> All: 211.171.*.*
> All: 61.220.*.*
> All: 212.71.*.*
> All: 213.179.*.*
> All: 81.25.*.*
> All: 216.180.225.162
> All: 219.107.*.*
> All: 68.3.31.253
> All: 66.228.*.*
> All: 24.162.142.170
> All: 217.174.*.*
> All: 66.70.*.*
> All: 125.248.*.*
> All: 210.241.*.*
> All: 159.169.*.*
> All: 216.228.*.*
> All: 23.13.158.72
> All: 125.*.*.*
> All: 66.235.*.*
> All: 61.31.*.*
> All: 217.37.72.233
>
>
>
>
>
> My Report
> --------------------- pam_unix Begin ------------------------
>
> sshd:
> Authentication Failures:
> root (c66-235-35-101.sea2.cablespeed.com): 524 Time(s)
> root (125.244.53.194): 15 Time(s)
> root (host217-37-72-233.in-addr.btopenworld.com): 3 Time(s)
> fax (www.idlsystems.idlsystems.com): 1 Time(s)
> root (kato.ps): 1 Time(s)
>
> su:
> Sessions Opened:
> (uid=0) -> news: 2 Time(s)
> wab(uid=500) -> root: 1 Time(s)
>
> vsftpd:
> Unknown Entries:
> authentication failure; logname= uid=0 euid=0 tty= ruser=
> rhost=219.81.19.30 : 2253 Time(s)
> check pass; user unknown: 2253 Time(s)
>
>
> ---------------------- pam_unix End -------------------------
>
>
> --------------------- sendmail Begin ------------------------
>
>
>
> Bytes Transferred: 38456
> Messages Sent: 4
> Total recipients: 4
> **Unmatched Entries**
> /etc/hosts.deny, line 13: missing ":" separator: 2 Time(s)
> SYSERR(root): hash map "Alias0": unsafe map file /etc/aliases.db:
> Permission denied: 1 Time(s)
> SYSERR(root): Cannot create database for alias file /etc/aliases: 1
> Time(s)
>
> ---------------------- sendmail End -------------------------
>
>
> --------------------- SSHD Begin ------------------------
>
>
> SSHD Started: 1 Time(s)
>
> Failed logins from these:
> fax/password from 66.70.212.220: 2 Time(s)
> root/password from 125.244.53.194: 15 Time(s)
> root/password from 217.37.72.233: 3 Time(s)
> root/password from 61.31.201.116: 1 Time(s)
> root/password from 66.235.35.101: 524 Time(s)
>
> Illegal users from these:
> admin/none from 66.70.212.220: 3 Time(s)
> admin/none from unknown: 3 Time(s)
> andy/none from 66.70.212.220: 1 Time(s)
> andy/none from unknown: 1 Time(s)
> bob/none from 66.70.212.220: 1 Time(s)
> bob/none from unknown: 1 Time(s)
> cisco/none from 66.70.212.220: 1 Time(s)
> cisco/none from unknown: 1 Time(s)
> contact/none from 66.70.212.220: 1 Time(s)
> contact/none from unknown: 1 Time(s)
> cvsroot/none from 66.70.212.220: 1 Time(s)
> cvsroot/none from unknown: 1 Time(s)
> dell/none from 66.70.212.220: 1 Time(s)
> dell/none from unknown: 1 Time(s)
> gnats/none from 66.70.212.220: 1 Time(s)
> gnats/none from unknown: 1 Time(s)
> hosting/none from 66.70.212.220: 1 Time(s)
> hosting/none from unknown: 1 Time(s)
> httpd/none from 66.70.212.220: 1 Time(s)
> httpd/none from unknown: 1 Time(s)
> jabber/none from 66.70.212.220: 1 Time(s)
> jabber/none from unknown: 1 Time(s)
> jason/none from 66.70.212.220: 1 Time(s)
> jason/none from unknown: 1 Time(s)
> joel/none from 66.70.212.220: 1 Time(s)
> joel/none from unknown: 1 Time(s)
> joseph/none from 66.70.212.220: 1 Time(s)
> joseph/none from unknown: 1 Time(s)
> justin/none from 66.70.212.220: 1 Time(s)
> justin/none from unknown: 1 Time(s)
> ken/none from 66.70.212.220: 1 Time(s)
> ken/none from unknown: 1 Time(s)
> kim/none from 66.70.212.220: 1 Time(s)
> kim/none from unknown: 1 Time(s)
> list/none from 66.70.212.220: 1 Time(s)
> list/none from unknown: 1 Time(s)
> marco/none from 66.70.212.220: 1 Time(s)
> marco/none from unknown: 1 Time(s)
> movies/none from 66.70.212.220: 2 Time(s)
> movies/none from unknown: 2 Time(s)
> music/none from 66.70.212.220: 1 Time(s)
> music/none from unknown: 1 Time(s)
> newsletter/none from 66.70.212.220: 1 Time(s)
> newsletter/none from unknown: 1 Time(s)
> nicole/none from 66.70.212.220: 1 Time(s)
> nicole/none from unknown: 1 Time(s)
> oracle/none from 66.70.212.220: 1 Time(s)
> oracle/none from unknown: 1 Time(s)
> peter/none from 66.70.212.220: 1 Time(s)
> peter/none from unknown: 1 Time(s)
> pgsql/none from 66.70.212.220: 1 Time(s)
> pgsql/none from unknown: 1 Time(s)
> pictures/none from 66.70.212.220: 2 Time(s)
> pictures/none from unknown: 2 Time(s)
> portal/none from 66.70.212.220: 1 Time(s)
> portal/none from unknown: 1 Time(s)
> ricardo/none from 66.70.212.220: 1 Time(s)
> ricardo/none from unknown: 1 Time(s)
> sales/none from 66.70.212.220: 1 Time(s)
> sales/none from unknown: 1 Time(s)
> sites/none from 66.70.212.220: 1 Time(s)
> sites/none from unknown: 1 Time(s)
> soft/none from 66.70.212.220: 1 Time(s)
> soft/none from unknown: 1 Time(s)
> software/none from 66.70.212.220: 1 Time(s)
> software/none from unknown: 1 Time(s)
> sourceforge/none from 66.70.212.220: 1 Time(s)
> sourceforge/none from unknown: 1 Time(s)
> spam/none from 66.70.212.220: 3 Time(s)
> spam/none from unknown: 3 Time(s)
> stats/none from 66.70.212.220: 1 Time(s)
> stats/none from unknown: 1 Time(s)
> steve/none from 66.70.212.220: 1 Time(s)
> steve/none from unknown: 1 Time(s)
> store/none from 66.70.212.220: 1 Time(s)
> store/none from unknown: 1 Time(s)
> support/none from 66.70.212.220: 1 Time(s)
> support/none from unknown: 1 Time(s)
> tech/none from 66.70.212.220: 2 Time(s)
> tech/none from unknown: 2 Time(s)
> test/none from 66.70.212.220: 4 Time(s)
> test/none from unknown: 4 Time(s)
> test1/none from 66.70.212.220: 4 Time(s)
> test1/none from unknown: 4 Time(s)
> test1234/none from 66.70.212.220: 1 Time(s)
> test1234/none from unknown: 1 Time(s)
> tester/none from 66.70.212.220: 1 Time(s)
> tester/none from unknown: 1 Time(s)
> testing/none from 66.70.212.220: 3 Time(s)
> testing/none from unknown: 3 Time(s)
> testuser/none from 66.70.212.220: 1 Time(s)
> testuser/none from unknown: 1 Time(s)
> tv/none from 66.70.212.220: 2 Time(s)
> tv/none from unknown: 2 Time(s)
> upload/none from 66.70.212.220: 2 Time(s)
> upload/none from unknown: 2 Time(s)
> uploader/none from 66.70.212.220: 6 Time(s)
> uploader/none from unknown: 6 Time(s)
> uploader1/none from 66.70.212.220: 1 Time(s)
> uploader1/none from unknown: 1 Time(s)
> user2/none from 66.70.212.220: 1 Time(s)
> user2/none from unknown: 1 Time(s)
> webadmin/none from 66.70.212.220: 1 Time(s)
> webadmin/none from unknown: 1 Time(s)
> websites/none from 66.70.212.220: 2 Time(s)
> websites/none from unknown: 2 Time(s)
>
> Users logging in through sshd:
> wab:
> 216.218.108.208: 2 times
>
> Refused incoming connections:
> 61.134.32.18 (61.134.32.18): 1 Time(s)
>
> **Unmatched Entries**
> warning: /etc/hosts.deny, line 13: missing ":" separator
> warning: /etc/hosts.deny, line 13: missing ":" separator
>
> ---------------------- SSHD End -------------------------
>
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
More information about the TriLUG
mailing list