3

I installed Denyhosts and then my permanent ip was partially blocked for some reason ("partially" blocked because while I couldn't ssh or ftp, I was able to http into my sites).

I deleted Denyhosts and was still blocked so I logged in from another computer with another ip and removed my ip from /etc/hosts.deny. Then, I was no longer blocked and ssh'd successfully.

Yet, for some reason I became partially blocked again and had to repeat the process.

My question

My question can be comprised of the following questions:

  1. Why was /etc/hosts.deny not deleted when I did apt-get purge denyhosts?
  2. Is it safe to fully remove /etc/hosts.deny so that only iptables will block IPs?

1 Answer

4

The man page for hosts.deny (man hosts.deny) explains the order of processing:

The access control software consults two files. The search stops at the first match:

  • Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file.
  • Otherwise, access will be denied when a (daemon,client) pair matches an entry in the /etc/hosts.deny file.
  • Otherwise, access will be granted.

So from this you can see that it is quite safe to delete /etc/hosts.deny (and /etc/hosts.allow, for that matter).

Now, as to your question regarding the automatic deletion - or not - of /etc/hosts.deny when you uninstall denyhosts. This file - and its complement /etc/hosts.allow - belongs to tcp_wrappers so it is not for denyhosts to remove it when you uninstall it.

roaima
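The decision order quoted in the answer, as an added example that is not part of the original answer or of tcp_wrappers itself: a simplified Python model of the allow/deny lookup. The function names and the sample rule lines are constructed for illustration, and only a subset of the hosts_access(5) pattern syntax is handled (`ALL`, exact match, address prefix ending in `.`, domain suffix starting with `.`; no `EXCEPT`, netmasks or IPv6).

```python
"""Simplified model of the hosts.allow / hosts.deny decision order."""
import re

def parse_rules(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients [: command]' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank line, comment, or not a rule
        daemons, clients = line.split(":")[:2]
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def client_matches(pattern, client):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):       # address prefix, e.g. "198.51.100."
        return client.startswith(pattern)
    if pattern.startswith("."):     # domain suffix, e.g. ".example.org"
        return client.lower().endswith(pattern.lower())
    return pattern.lower() == client.lower()

def file_matches(text, daemon, client):
    """True if any rule in the file matches the (daemon, client) pair."""
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, client) for c in clients)
        for daemons, clients in parse_rules(text)
    )

def decide(allow_text, deny_text, daemon, client):
    """Pass "" for a missing file: hosts_access(5) treats it as an empty file."""
    if file_matches(allow_text, daemon, client):
        return "granted (hosts.allow)"
    if file_matches(deny_text, daemon, client):
        return "denied (hosts.deny)"
    return "granted (no match)"

# Constructed sample files (documentation-range addresses)
SAMPLE_DENY = "# constructed entries\nsshd: 203.0.113.7\nALL: 198.51.100.\n"
SAMPLE_ALLOW = "sshd: 203.0.113.7\n"

if __name__ == "__main__":
    for allow, deny in (("", SAMPLE_DENY), (SAMPLE_ALLOW, SAMPLE_DENY), ("", "")):
        print(decide(allow, deny, "sshd", "203.0.113.7"))
```

With both files empty or absent, every wrapped daemon falls through to "granted", so all blocking then rests on iptables.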