hosts.allow and hosts.deny moved to .rpmsave, why?
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 3 of 3
  1. #1
    Join Date
    Aug 2011
    Posts
    46
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question hosts.allow and hosts.deny moved to .rpmsave, why?

    I just noticed that hosts.allow and hosts.deny were missing on my system; both renamed out out of the way to .rpmsave files. Does anyone know why this happened?

    I mean, I know that RPM did it on upgrade of some package, and I assume it was the tcp_wrappers package. But, does anyone know why a recent update of that package included the instructions to remove these files? Where they deprecated? The man page doesn't say anything about that. Why would this be necessary?

    I noticed this after upgrading to Fedora30, as I was reviewing /etc files. I am assuming this did not compromise my system, in the meantime, but I forgot to check the file timestamps, so I'm not quite sure how long I had been running without those limits, and I cannot be 100 % sure it happened with the system-upgrade process. But, according the dnf.log files, the last time tcp_wraper RPM was updated was during the system upgrade.

    Also, 'rpmconf -a' did *not* catch these changes. I know that it does find and alert on other .rpmsave files, but it did not alert me to these files that were deleted without my knowledge. I'm assuming that is because these files are not officially owned by any package??? I guess that makes sense, but is certain to cause these errors as it does not conform to expected behavior.

  2. #2
    Join Date
    Aug 2011
    Posts
    46
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Re: hosts.allow and hosts.deny moved to .rpmsave, why?

    Well, this is clearly part of it:

    https://fedoraproject.org/wiki/Chang...e_TCP_wrappers

    Geeze, I usually read the release notes and I don't remember reading that. The worst part is that is says "use another access control" method, but I'm not aware of a way to control the firewall so easily. Hmm, I'm not sure what to do. Does anyone know how to get dynamic block lists into fedora desktop firewall? Hell, how do you use fail2ban without tcpd? I mean, saying tcpd is 20 years old is all well and good, but am not aware of an equivalent replacement. Is there one?

  3. #3
    Join Date
    Aug 2011
    Posts
    46
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: hosts.allow and hosts.deny moved to .rpmsave, why?

    There was an obscure reference to eBPF in the deprecation annoucement, but the link was to the original RFP for this feature and it didn't make clear how to use it, in production, as a replacement for tcpd. I found this, however, and I think it is getting there.

    http://0pointer.net/blog/ip-accounti...h-systemd.html

Similar Threads

  1. [SOLVED]
    SSh - denyhosts - hosts.deny & hosts.allow
    By SteveT in forum Using Fedora
    Replies: 7
    Last Post: 27th January 2017, 12:08 AM
  2. /etc/hosts.allow and hosts.deny
    By bigmacbb63 in forum Security and Privacy
    Replies: 9
    Last Post: 19th March 2010, 10:22 PM
  3. how to configure hosts.allow and hosts.deny
    By nkjha in forum Security and Privacy
    Replies: 4
    Last Post: 19th January 2009, 04:10 PM
  4. hosts.deny vs iptables
    By cbrenchley in forum Using Fedora
    Replies: 3
    Last Post: 15th April 2008, 12:38 AM
  5. hosts deny file
    By quacked in forum Security and Privacy
    Replies: 15
    Last Post: 15th January 2008, 01:52 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •