B3 proftpd ignoring TCP Wrapper /etc/hosts.deny [SOLVED]
Posted: 21 Jan 2013, 04:17
by Cheeseboy
Hi all,
Proftpd on B3 seems to be ignoring the TCP Wrapper files /etc/hosts.deny and /etc/hosts.allow.
My /etc/proftpd/modules.conf has this in it:
So I assume it is compiled with the mod_wrap module.
Even if I specifically set the directive TCPAccessFiles like this in /etc/proftpd/proftpd.conf, it seems to ignore it:
Code:
TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
I've added entries like this to the /etc/hosts.deny to test this, both fail for proftpd. "ALL:" works fine for sshd for example, as you would expect:
Code:
ALL: 118.98.29.30
proftpd: 118.98.29.30
It is running in Standalone mode, which I think is the default on the B3.
Am I missing anything?
Best regards,
Cheeseboy
Re: B3 proftpd ignoring TCP Wrapper /etc/hosts.deny
Posted: 21 Jan 2013, 05:39
by Gordon
According to the Gentoo forum you need to run proftpd from xinetd to make it look at the hosts.allow and hosts.deny files. Apparently you also need to configure xinetd to run proftpd as root, but I don't know if that will actually make it run as root or still allow proftpd to switch to the user that is configured in its own conf file.
Re: B3 proftpd ignoring TCP Wrapper /etc/hosts.deny
Posted: 21 Jan 2013, 09:44
by Cheeseboy
Thanks for your reply Gordon.
I saw something like that too, but I don't really want to do it that way.
I managed to get it to work, although it doesn't quite behave like I'd expect (see comments in the code segment below).
I added the following to /etc/proftpd/proftpd.conf:
Code:
# Use TCP Wrapper files /etc/hosts.allow and /etc/hosts.deny
<IfModule mod_wrap2_file.c>
WrapEngine on
WrapTables file:/etc/hosts.allow file:/etc/hosts.deny
# Use the following line for debugging only.
# It will print one line for each line in the hosts files it examines...
WrapLog /var/log/proftpd/wrap2.log
# Without the following line, the server will prompt for username and
# password BEFORE checking hosts.allow/hosts.deny
# Unfortunately it was introduced in version 1.3.4rc1, and B3 ships with
# 1.3.3a
# WrapOptions CheckOnConnect
</IfModule>
Cheers,
Cheeseboy
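Added example, not part of the original posts: a simplified evaluator for the hosts.allow/hosts.deny lookup order (allow table first, then deny table, otherwise allow), useful for confirming that the test entries themselves are correct before suspecting the server configuration. It assumes the service name "proftpd" as used in the hosts.deny entry above and handles IPv4 client patterns only; the hosts.allow content and the function names are constructed for illustration.

```python
# Added example (not from the thread): simplified hosts_access(5) evaluation.
# IPv4 client patterns only; hostnames, EXCEPT and shell commands are not handled.
import ipaddress

# Constructed sample tables; the deny entries are the ones from the first post.
HOSTS_ALLOW = """\
# constructed entry: let the LAN reach every service
ALL: 192.168.1.
"""
HOSTS_DENY = """\
ALL: 118.98.29.30
proftpd: 118.98.29.30
"""

def parse(text):
    """Yield (daemons, clients) lists from hosts.allow/hosts.deny text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        yield fields[0].replace(",", " ").split(), fields[1].replace(",", " ").split()

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # prefix form, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask form, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def table_matches(text, daemon, ip):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in parse(text)
    )

def access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if table_matches(allow, daemon, ip):
        return "allow"
    if table_matches(deny, daemon, ip):
        return "deny"
    return "allow"
```

If `access("proftpd", "118.98.29.30")` returns "deny" here but the server still accepts the client, the rules are fine and the server is not consulting the tables.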
Re: [SOLVED] B3 proftpd ignoring TCP Wrapper /etc/hosts.deny
Posted: 21 Jan 2013, 13:22
by Gordon
# Without the following line, the server will prompt for username and
# password BEFORE checking hosts.allow/hosts.deny
That may very well be the reason why they mentioned you should run as root. Good to know that the ProFTPD developers created a fix for it - and of course a shame that the B3 is running an older version.