Disabling autodefinition of hosts.deny file

[Guest Jesus J. Robles]

I have just now set up a free mandriva 2006 box. In the box I have placed an Helix Server, and maybe some of you know the nightmare of ports it means for firewall configuration.

 

I used to work with mandrake in the last, but the last distro I played hardly with it was the 9.3. Now I have noticed a new behaviour very inadecuated for me. I can modify as usual the hosts.deny and hosts.allow files, but some definition produces that sometimes the host.deny is automatically filled with an awfull "ALL:ALL but 127.0.0.1:DENY" line, that produces most of the dameon functions to become unaccessible.

 

I do not need such paranoid configuration (I already got my firewall configured to decide which ports are accesible to which hosts), and I have many services running that have to be open to many different addresses, most of them variable. I do not want to repeat the process I had to suffer to set up the firewall again, and so I have placed a fine "ALL:ALL:ALLOW" in my hosts.allow file, producing a stupid dual oppositing configuration.

 

I have been looking the service or process that from time to time decide to reset my hosts.deny file, and was not able to find it. I suspect the "draksec" script would have something to say about it, but the fact is that such program requires graphical environment, and I have no X support instaled in that box (and do not need it, and have no intention to... it is intended to work alone as a server. - By the way... someone should tell the development guys about developing a full configuration system based on text, like the ones we get in SuSE, Fedora and most others). So, I have no chance to use it.

 

So the question is... what should I change where to avoid this automatic redefinition of hosts.deny?

[jboy]

Take a look at this configuration script: /usr/share/msec/libmsec.py

 

It looks like you can control what msec does to /etc/hosts.deny by modifying that script according to your needs.