FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 07-08-2012, 08:26 PM
Zdenek Herman
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

Hello
I have problem with MySQL and control access by TCP wrapper in Debian
Squeeze.

MySQL is compiled correctly with libwrap library:

ldd /usr/sbin/mysqld | grep libwrap
libwrap.so.0 => /lib/libwrap.so.0 (0x00007f145d28d000)

When I set hosts.deny ALL: ALL and hosts.allow is empty.
I can allow connect to MySQL from anywhere - settings in hosts.allow and
hosts.deny are ignored.


Yes - I can solve by iptables or directly from MySQL grantes but
wrappers have more futures (logging all connects) and quickly configuration.


For example my SSHd works correctly with TCP wrapper.

Please where can be problem ?

Thanks

--

Zdenek Herman
zdenek.herman@ille.cz


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4FF9ECE3.2000805@ille.cz">http://lists.debian.org/4FF9ECE3.2000805@ille.cz
 
Old 07-09-2012, 02:52 PM
Camaleón
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:

(...)

> When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
> connect to MySQL from anywhere - settings in hosts.allow and hosts.deny
> are ignored.

(...)

I wonder if you aren't just missing the daemon to filter (mysqld) :-?

cat /etc/hosts.deny

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/jter7u$sc9$12@dough.gmane.org
 
Old 07-09-2012, 06:11 PM
Zdenek Herman
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

My hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the
system.
# See the manual pages hosts_access(5) and
hosts_options(5).

#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from
%u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &


My hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and
hosts_options(5).

#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
sshd: 192.168.1.1
: spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h
[%a] >> /var/log/tcp_wrapper/%d.log ) &




I tested with mysqld: ALL in hosts.deny too.

Thanks for help

Zdenek Herman
zdenek.herman@ille.cz

Dne 9.7.2012 16:52, Camaleón napsal(a):

On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:

(...)


When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
connect to MySQL from anywhere - settings in hosts.allow and hosts.deny
are ignored.

(...)

I wonder if you aren't just missing the daemon to filter (mysqld) :-?

cat /etc/hosts.deny

Greetings,





--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4FFB1EBE.70603@ille.cz">http://lists.debian.org/4FFB1EBE.70603@ille.cz
 
Old 07-10-2012, 04:46 AM
Kushal Kumaran
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

On Mon, Jul 9, 2012 at 11:41 PM, Zdenek Herman <zdenek.herman@ille.cz> wrote:
> My hosts.deny
> # /etc/hosts.deny: list of hosts that are _not_ allowed to access the
> system.
> # See the manual pages hosts_access(5) and
> hosts_options(5).
> #
> # Example: ALL: some.host.name, .some.domain
> # ALL EXCEPT in.fingerd: other.host.name, .other.domain
> #
> # If you're going to protect the portmapper use the name "portmap" for the
> # daemon name. Remember that you can only use the keyword "ALL" and IP
> # addresses (NOT host or domain names) for the portmapper, as well as for
> # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
> # for further information.
> #
> # The PARANOID wildcard matches any host whose name does not match its
> # address.
> #
> # You may wish to enable this to ensure any programs that don't
> # validate looked up hostnames still leave understandable logs. In past
> # versions of Debian this has been the default.
> # ALL: PARANOID
> ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h
> [%a] >> /var/log/tcp_wrapper/%d.log ) &
>
> My hosts.allow
> # /etc/hosts.allow: list of hosts that are allowed to access the system.
> # See the manual pages hosts_access(5) and
> hosts_options(5).
> #
> # Example: ALL: LOCAL @some_netgroup
> # ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
> #
> # If you're going to protect the portmapper use the name "portmap" for the
> # daemon name. Remember that you can only use the keyword "ALL" and IP
> # addresses (NOT host or domain names) for the portmapper, as well as for
> # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
> # for further information.
> #
> sshd: 192.168.1.1
> : spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h [%a]
>>> /var/log/tcp_wrapper/%d.log ) &
>
>
>
> I tested with mysqld: ALL in hosts.deny too.
>

What was the mysql client command line which failed? If running on
the same host as the server, the mysql client will use the unix-domain
socket in /var/run/mysqld/mysqld.sock for connecting to the server.
To force it to use an AF_INET socket, pass -h 127.0.0.1 to the mysql
client (-h localhost is not sufficient).

I just tested this on my debian squeeze mysql setup. With -h
127.0.0.1 and "mysqld: ALL" in hosts.deny, connections are rejected.
If you do not want to use mysql access control, you should disable the
socket in the mysql server config, if that's possible.

--
regards,
kushal


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAH8GtdM3dzQtQZg_xoR3xVFHr_4mwKfpGaL1sa60aEbbLt-53Q@mail.gmail.com">http://lists.debian.org/CAH8GtdM3dzQtQZg_xoR3xVFHr_4mwKfpGaL1sa60aEbbLt-53Q@mail.gmail.com
 
Old 07-10-2012, 03:05 PM
Zdenek Herman
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

I tried from same and from another host too (with -h parameters)
In log I don't see any in log about connecting.
Is the tcp wrapper check first and than check by mysql grants or reverse?

__________________________________________________ _______
# mysql -h localhost -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 288
Server version: 5.1.63-0+squeeze1 (Debian)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input
statement.


mysql>
__________________________________________________ __________

and in hosts.deny is ALL:ALL

Zdenek Herman
zdenek.herman@ille.cz

Dne 10.7.2012 06:46, Kushal Kumaran napsal(a):

On Mon, Jul 9, 2012 at 11:41 PM, Zdenek Herman <zdenek.herman@ille.cz> wrote:

My hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the
system.
# See the manual pages hosts_access(5) and
hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h
[%a] >> /var/log/tcp_wrapper/%d.log ) &

My hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and
hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
sshd: 192.168.1.1
: spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h [%a]

/var/log/tcp_wrapper/%d.log ) &



I tested with mysqld: ALL in hosts.deny too.


What was the mysql client command line which failed? If running on
the same host as the server, the mysql client will use the unix-domain
socket in /var/run/mysqld/mysqld.sock for connecting to the server.
To force it to use an AF_INET socket, pass -h 127.0.0.1 to the mysql
client (-h localhost is not sufficient).

I just tested this on my debian squeeze mysql setup. With -h
127.0.0.1 and "mysqld: ALL" in hosts.deny, connections are rejected.
If you do not want to use mysql access control, you should disable the
socket in the mysql server config, if that's possible.





--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4FFC44C9.2090905@ille.cz">http://lists.debian.org/4FFC44C9.2090905@ille.cz
 
Old 07-10-2012, 03:33 PM
Camaleón
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote:

(please, reply at the bottom)

> Dne 9.7.2012 16:52, Camaleón napsal(a):
>> On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:
>>
>> (...)
>>
>>> When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
>>> connect to MySQL from anywhere - settings in hosts.allow and
>>> hosts.deny are ignored.
>> (...)
>>
>> I wonder if you aren't just missing the daemon to filter (mysqld) :-?
>>
>> cat /etc/hosts.deny

> My hosts.deny

(...)

> ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &

(...)

> My hosts.allow

(...)

> sshd: 192.168.1.1
> : spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &

And you said this was working for the sshd service, right?

> I tested with mysqld: ALL in hosts.deny too.

Well, that should prevent connections coming from the same host (localhost)
unless you explicitely allow it from the hosts.allow, that has preference.

I don't know why does not work for you. Take a look into this article that
shows a few samples for using mysql with tcp wrappers:

http://www.unixmen.com/securing-services-with-tcp-wrappers/

And also read the manual ("man hosts_options"), maybe we are omitting
something obvious...

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/jthi02$cnl$6@dough.gmane.org
 
Old 07-10-2012, 04:09 PM
Zdenek Herman
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote: (please, reply
at the bottom)

Dne 9.7.2012 16:52, Camaleón napsal(a):

On Sun, 08 Jul 2012 22:26:11 +0200, Zdenek Herman wrote:

(...)


When I set hosts.deny ALL: ALL and hosts.allow is empty. I can allow
connect to MySQL from anywhere - settings in hosts.allow and
hosts.deny are ignored.

(...)

I wonder if you aren't just missing the daemon to filter (mysqld) :-?

cat /etc/hosts.deny

My hosts.deny

(...)


ALL: ALL : spawn ( echo $(date '+%%d.%%m.%%y %%T') access DENIED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &

(...)


My hosts.allow

(...)


sshd: 192.168.1.1
: spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h [%a] >> /var/log/tcp_wrapper/%d.log ) &

And you said this was working for the sshd service, right?


I tested with mysqld: ALL in hosts.deny too.

Well, that should prevent connections coming from the same host (localhost)
unless you explicitely allow it from the hosts.allow, that has preference.

I don't know why does not work for you. Take a look into this article that
shows a few samples for using mysql with tcp wrappers:

http://www.unixmen.com/securing-services-with-tcp-wrappers/

And also read the manual ("man hosts_options"), maybe we are omitting
something obvious...

Greetings,



I found part of problem. If I use localhost can connect, if 127.0.0.1
all is ok.
If I connect from remote first is checked client in mysql grant and
after in tcp wrappers.
Conslusion for me is that mysql doesn't support tcp wrappers correctly
(first check by wrapper then authentization by service).


-----------------------------------------
root@mon:~# mysql -h localhost -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 699
Server version: 5.1.63-0+squeeze1 (Debian)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input
statement.


mysql> quit
Bye
---------------------------------------------------------
root@mon:~# mysql -h 127.0.0.1 -p
Enter password:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial
communication packet', system error: 0

root@mon:~#
---------------------------------------------

Thanks for help

Zdenek


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4FFC53C6.5070400@ille.cz">http://lists.debian.org/4FFC53C6.5070400@ille.cz
 
Old 07-10-2012, 04:29 PM
Camaleón
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

On Tue, 10 Jul 2012 18:09:42 +0200, Zdenek Herman wrote:

> On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote: (please, reply
> at the bottom)
>>> Dne 9.7.2012 16:52, Camaleón napsal(a):

(...)

>> I don't know why does not work for you. Take a look into this article
>> that shows a few samples for using mysql with tcp wrappers:
>>
>> http://www.unixmen.com/securing-services-with-tcp-wrappers/
>>
>> And also read the manual ("man hosts_options"), maybe we are omitting
>> something obvious...
>>
>> Greetings,
>>
>>
> I found part of problem. If I use localhost can connect, if 127.0.0.1
> all is ok.
> If I connect from remote first is checked client in mysql grant and
> after in tcp wrappers.
> Conslusion for me is that mysql doesn't support tcp wrappers correctly
> (first check by wrapper then authentization by service).

(...)

> root@mon:~# mysql -h localhost -p

(...)

Ah, how curious... It seems to be documented here:

4.2.2. Connecting to the MySQL Server
http://dev.mysql.com/doc/refman/5.6/en/connecting.html

"(...) On Unix, MySQL programs treat the host name localhost specially,
in a way that is likely different from what you expect compared to other
network-based programs. For connections to localhost, MySQL programs
attempt to connect to the local server by using a Unix socket file. This
occurs even if a --port or -P option is given to specify a port number.
To ensure that the client makes a TCP/IP connection to the local server,
use --host or -h to specify a host name value of 127.0.0.1, or the IP
address or name of the local server. You can also specify the connection
protocol explicitly, even for localhost, by using the --protocol=TCP
option. For example:

shell> mysql --host=127.0.0.1
shell> mysql --protocol=TCP

(...)"

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/jthl8c$cnl$9@dough.gmane.org
 
Old 07-10-2012, 05:41 PM
Dom
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

On 10/07/12 17:29, Camaleón wrote:

On Tue, 10 Jul 2012 18:09:42 +0200, Zdenek Herman wrote:


On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote: (please, reply
at the bottom)

Dne 9.7.2012 16:52, Camaleón napsal(a):


(...)


I don't know why does not work for you. Take a look into this article
that shows a few samples for using mysql with tcp wrappers:

http://www.unixmen.com/securing-services-with-tcp-wrappers/

And also read the manual ("man hosts_options"), maybe we are omitting
something obvious...

Greetings,



I found part of problem. If I use localhost can connect, if 127.0.0.1
all is ok.
If I connect from remote first is checked client in mysql grant and
after in tcp wrappers.
Conslusion for me is that mysql doesn't support tcp wrappers correctly
(first check by wrapper then authentization by service).


(...)


root@mon:~# mysql -h localhost -p


(...)

Ah, how curious... It seems to be documented here:

4.2.2. Connecting to the MySQL Server
http://dev.mysql.com/doc/refman/5.6/en/connecting.html

"(...) On Unix, MySQL programs treat the host name localhost specially,
in a way that is likely different from what you expect compared to other
network-based programs. For connections to localhost, MySQL programs
attempt to connect to the local server by using a Unix socket file. This
occurs even if a --port or -P option is given to specify a port number.
To ensure that the client makes a TCP/IP connection to the local server,
use --host or -h to specify a host name value of 127.0.0.1, or the IP
address or name of the local server. You can also specify the connection
protocol explicitly, even for localhost, by using the --protocol=TCP
option. For example:

shell> mysql --host=127.0.0.1
shell> mysql --protocol=TCP

(...)"



Camaleón is correct.

When you are logged into mysql, you can enter the "status" command and
it will show how you are connected.


Connect via "-h localhost":

mysql> status;
--------------
mysql Ver 14.14 Distrib 5.5.24, for debian-linux-gnu (i686) using
readline 6.2


...
Connection: Localhost via UNIX socket
...
UNIX socket: /var/run/mysqld/mysqld.sock
...
--------------

Connect via "-h 127.0.0.1":

mysql> status;
--------------
mysql Ver 14.14 Distrib 5.5.24, for debian-linux-gnu (i686) using
readline 6.2


...
Connection: 127.0.0.1 via TCP/IP
...
TCP port: 3306
...
--------------

Hope that clears it up a bit.

It might be possible to disable the socket connection in the MySQL
config, but I haven't looked into that.


--
Dom


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4FFC6945.1060900@rpdom.net">http://lists.debian.org/4FFC6945.1060900@rpdom.net
 
Old 07-10-2012, 06:18 PM
Zdenek Herman
 
Default Squeeze, MySQL and hosts.allow and hosts.deny ignored

On 10/07/12 17:29, Camaleón wrote:

On Tue, 10 Jul 2012 18:09:42 +0200, Zdenek Herman wrote:


On Mon, 09 Jul 2012 20:11:10 +0200, Zdenek Herman wrote: (please, reply
at the bottom)

Dne 9.7.2012 16:52, Camaleón napsal(a):


(...)


I don't know why does not work for you. Take a look into this article
that shows a few samples for using mysql with tcp wrappers:

http://www.unixmen.com/securing-services-with-tcp-wrappers/

And also read the manual ("man hosts_options"), maybe we are omitting
something obvious...

Greetings,



I found part of problem. If I use localhost can connect, if 127.0.0.1
all is ok.
If I connect from remote first is checked client in mysql grant and
after in tcp wrappers.
Conslusion for me is that mysql doesn't support tcp wrappers correctly
(first check by wrapper then authentization by service).


(...)


root@mon:~# mysql -h localhost -p


(...)

Ah, how curious... It seems to be documented here:

4.2.2. Connecting to the MySQL Server
http://dev.mysql.com/doc/refman/5.6/en/connecting.html

"(...) On Unix, MySQL programs treat the host name localhost specially,
in a way that is likely different from what you expect compared to other
network-based programs. For connections to localhost, MySQL programs
attempt to connect to the local server by using a Unix socket file. This
occurs even if a --port or -P option is given to specify a port number.
To ensure that the client makes a TCP/IP connection to the local server,
use --host or -h to specify a host name value of 127.0.0.1, or the IP
address or name of the local server. You can also specify the connection
protocol explicitly, even for localhost, by using the --protocol=TCP
option. For example:

shell> mysql --host=127.0.0.1
shell> mysql --protocol=TCP

(...)"



Camaleón is correct.

When you are logged into mysql, you can enter the "status" command and
it will show how you are connected.


Connect via "-h localhost":

mysql> status;
--------------
mysql Ver 14.14 Distrib 5.5.24, for debian-linux-gnu (i686) using
readline 6.2


...
Connection: Localhost via UNIX socket
...
UNIX socket: /var/run/mysqld/mysqld.sock
...
--------------

Connect via "-h 127.0.0.1":

mysql> status;
--------------
mysql Ver 14.14 Distrib 5.5.24, for debian-linux-gnu (i686) using
readline 6.2


...
Connection: 127.0.0.1 via TCP/IP
...
TCP port: 3306
...
--------------

Hope that clears it up a bit.

It might be possible to disable the socket connection in the MySQL
config, but I haven't looked into that.




Ok - many thanks guys for reply
This explain first part of problem - my fault sorry.
I tried set in my hosts.allow
mysqld: 127.0.0.1
: spawn ( echo $(date '+%%d.%%m.%%y %%T') access ALLOWED from %u@%h
[%a] >> /var/log/tcp_wrapper/%d.log ) &
This allow connect from localhost - its ok. But why when connect from
remote machine or 127.0.0.1 nothing in log ?

With sshd work same command great.

Thanks Zdenek




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4FFC71DF.2010900@ille.cz">http://lists.debian.org/4FFC71DF.2010900@ille.cz
 

Thread Tools




All times are GMT. The time now is 04:52 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org