Guest Jesus J. Robles Posted July 7, 2006 Report Share Posted July 7, 2006 I have just now set up a free mandriva 2006 box. In the box I have placed an Helix Server, and maybe some of you know the nightmare of ports it means for firewall configuration. I used to work with mandrake in the last, but the last distro I played hardly with it was the 9.3. Now I have noticed a new behaviour very inadecuated for me. I can modify as usual the hosts.deny and hosts.allow files, but some definition produces that sometimes the host.deny is automatically filled with an awfull "ALL:ALL but 127.0.0.1:DENY" line, that produces most of the dameon functions to become unaccessible. I do not need such paranoid configuration (I already got my firewall configured to decide which ports are accesible to which hosts), and I have many services running that have to be open to many different addresses, most of them variable. I do not want to repeat the process I had to suffer to set up the firewall again, and so I have placed a fine "ALL:ALL:ALLOW" in my hosts.allow file, producing a stupid dual oppositing configuration. I have been looking the service or process that from time to time decide to reset my hosts.deny file, and was not able to find it. I suspect the "draksec" script would have something to say about it, but the fact is that such program requires graphical environment, and I have no X support instaled in that box (and do not need it, and have no intention to... it is intended to work alone as a server. - By the way... someone should tell the development guys about developing a full configuration system based on text, like the ones we get in SuSE, Fedora and most others). So, I have no chance to use it. So the question is... what should I change where to avoid this automatic redefinition of hosts.deny? Quote Link to comment Share on other sites More sharing options...
jboy Posted July 7, 2006 Report Share Posted July 7, 2006 Take a look at this configuration script: /usr/share/msec/libmsec.py It looks like you can control what msec does to /etc/hosts.deny by modifying that script according to your needs. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.