I think inetd does not understand the rwsecure syntax in hosts.deny because inetd/hosts.deny does not support inline "#" commmenting and as a result is recognizing the minutes field in rwsecure's time stamp comment as a shell command. I say this because the hosts.deny man page states that there is an optional third field in the config line for a shell command, thus: {daemen} : {origin address} : {shell command to execute}. The man page also states that lines that *begin* with "#" are comments, but does not specify that anything after a "#" in a line is a comment.
Here's an example from my logs:
/var/log/auth.log:
Apr 13 07:30:09 gateway sshd[12654]: Failed password for illegal user ralph from 220.128.206.131 port 33475 ssh2
Apr 13 07:30:09 gateway sshd[12707]: error: /etc/hosts.deny, line 88: bad option name: "30"
/etc/hosts.deny, L88:
ALL: 220.128.206.131 # Added by rwsecure on Apr 13 2007 07:30:06
man hosts.deny:
ACCESS CONTROL RULES
Each access control file consists of zero or more lines of text. These
lines are processed in order of appearance. The search terminates when
a match is found.
o A newline character is ignored when it is preceded by a back-
slash character. This permits you to break up long lines so that
they are easier to edit.
o Blank lines or lines that begin with a `#' character are
ignored. This permits you to insert comments and whitespace so
that the tables are easier to read.
o All other lines should satisfy the following format, things
between [] being optional:
I think inetd does not understand the rwsecure syntax in hosts.deny because inetd/hosts.deny does not support inline "#" commmenting and as a result is recognizing the minutes field in rwsecure's time stamp comment as a shell command. I say this because the hosts.deny man page states that there is an optional third field in the config line for a shell command, thus: {daemen} : {origin address} : {shell command to execute}. The man page also states that lines that *begin* with "#" are comments, but does not specify that anything after a "#" in a line is a comment.
Here's an example from my logs:
/var/log/auth.log:
Apr 13 07:30:09 gateway sshd[12654]: Failed password for illegal user ralph from 220.128.206.131 port 33475 ssh2
Apr 13 07:30:09 gateway sshd[12707]: error: /etc/hosts.deny, line 88: bad option name: "30"
/etc/hosts.deny, L88:
ALL: 220.128.206.131 # Added by rwsecure on Apr 13 2007 07:30:06
man hosts.deny:
ACCESS CONTROL RULES
Each access control file consists of zero or more lines of text. These
lines are processed in order of appearance. The search terminates when
a match is found.
o A newline character is ignored when it is preceded by a back-
slash character. This permits you to break up long lines so that
they are easier to edit.
o Blank lines or lines that begin with a `#' character are
ignored. This permits you to insert comments and whitespace so
that the tables are easier to read.
o All other lines should satisfy the following format, things
between [] being optional:
daemon_list : client_list [ : shell_command ]
(...)
EXAMPLES
(...)
/etc/hosts.deny:
in.tftpd: ALL: (/usr/sbin/safe_finger -l @%h | \ /usr/bin/mail -s %d-%h root) &
I like the comment, but I think it will have to go on a seperate line, eg:
# 220.128.206.131 Added by rwsecure on Apr 13 2007 07:30:06
ALL: 220.128.206.131
Should be fixed in v0.5. Thanks!