automatic execution

Hi all!

The script blockhosts.py doesn't execute automatically. I have the line

sshd: ALL: spawn (/usr/bin/blockhosts.py --verbose --echo "%c-%s" >> /var/log/blockhosts.log 2>&1 )& : allow

in my hosts.allow, as well as a whitelist and a blacklist.

It's fine if I execute it manually or as a cronjob, but not just with spawn. Could SELinux be the reason?

Thanks in advance,
Thomas

Just noticed the same thing

Just noticed the same thing happening on a CentOS box...

That one is still running BlockHost v1.0.3 though. I'll update and test.

Nope. The latest release

Nope. The latest release v1.0.4 is not updating automatically for me either!

can you post the

can you post the logs?
/var/log/secure/
/var/log/messages

Note that blockhosts.py runs

Note that blockhosts.py runs as expected manually, just not from /etc/hosts.allow
Right now I have crontab firing the command off, but would prefer automatic execution.

Here are 100 lines or so from /var/log/secure:

Jun 20 10:15:29 mybox sshd[11926]: User games from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:29 mybox sshd[11926]: error: Could not get shadow information for NOUSER
Jun 20 10:15:29 mybox sshd[11926]: Failed password for invalid user games from 211.138.113.227 port 4196 ssh2
Jun 20 10:15:29 mybox sshd[11927]: User games from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:29 mybox sshd[11927]: error: Could not get shadow information for NOUSER
Jun 20 10:15:29 mybox sshd[11927]: Failed password for invalid user games from 211.138.113.227 port 4199 ssh2
Jun 20 10:15:29 mybox sshd[11931]: User games from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:29 mybox sshd[11931]: error: Could not get shadow information for NOUSER
Jun 20 10:15:29 mybox sshd[11931]: Failed password for invalid user games from 211.138.113.227 port 4208 ssh2
Jun 20 10:15:29 mybox sshd[11932]: User games from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:29 mybox sshd[11932]: error: Could not get shadow information for NOUSER
Jun 20 10:15:29 mybox sshd[11932]: Failed password for invalid user games from 211.138.113.227 port 4210 ssh2
Jun 20 10:15:29 mybox sshd[11935]: User games from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:29 mybox sshd[11935]: error: Could not get shadow information for NOUSER
Jun 20 10:15:29 mybox sshd[11935]: Failed password for invalid user games from 211.138.113.227 port 4220 ssh2
Jun 20 10:15:30 mybox sshd[11937]: User games from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:30 mybox sshd[11937]: error: Could not get shadow information for NOUSER
Jun 20 10:15:30 mybox sshd[11937]: Failed password for invalid user games from 211.138.113.227 port 4238 ssh2
Jun 20 10:15:30 mybox sshd[11939]: Invalid user angel from 211.138.113.227
Jun 20 10:15:30 mybox sshd[11939]: error: Could not get shadow information for NOUSER
Jun 20 10:15:30 mybox sshd[11939]: Failed password for invalid user angel from 211.138.113.227 port 4246 ssh2
Jun 20 10:15:30 mybox sshd[11941]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:30 mybox sshd[11941]: error: Could not get shadow information for NOUSER
Jun 20 10:15:30 mybox sshd[11941]: Failed password for invalid user pgsql from 211.138.113.227 port 4252 ssh2
Jun 20 10:15:31 mybox sshd[11942]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:31 mybox sshd[11942]: error: Could not get shadow information for NOUSER
Jun 20 10:15:31 mybox sshd[11942]: Failed password for invalid user pgsql from 211.138.113.227 port 4254 ssh2
Jun 20 10:15:31 mybox sshd[11943]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:31 mybox sshd[11943]: error: Could not get shadow information for NOUSER
Jun 20 10:15:31 mybox sshd[11943]: Failed password for invalid user pgsql from 211.138.113.227 port 4255 ssh2
Jun 20 10:15:31 mybox sshd[11947]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:31 mybox sshd[11947]: error: Could not get shadow information for NOUSER
Jun 20 10:15:31 mybox sshd[11947]: Failed password for invalid user pgsql from 211.138.113.227 port 4262 ssh2
Jun 20 10:15:31 mybox sshd[11948]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:31 mybox sshd[11948]: error: Could not get shadow information for NOUSER
Jun 20 10:15:31 mybox sshd[11948]: Failed password for invalid user pgsql from 211.138.113.227 port 4265 ssh2
Jun 20 10:15:31 mybox sshd[11951]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:31 mybox sshd[11951]: error: Could not get shadow information for NOUSER
Jun 20 10:15:31 mybox sshd[11951]: Failed password for invalid user pgsql from 211.138.113.227 port 4279 ssh2
Jun 20 10:15:32 mybox sshd[11953]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:32 mybox sshd[11953]: error: Could not get shadow information for NOUSER
Jun 20 10:15:32 mybox sshd[11953]: Failed password for invalid user pgsql from 211.138.113.227 port 4291 ssh2
Jun 20 10:15:32 mybox sshd[11955]: User games from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:32 mybox sshd[11955]: error: Could not get shadow information for NOUSER
Jun 20 10:15:32 mybox sshd[11955]: Failed password for invalid user games from 211.138.113.227 port 4307 ssh2
Jun 20 10:15:32 mybox sshd[11957]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:32 mybox sshd[11957]: error: Could not get shadow information for NOUSER
Jun 20 10:15:32 mybox sshd[11957]: Failed password for invalid user pgsql from 211.138.113.227 port 4318 ssh2
Jun 20 10:15:32 mybox sshd[11958]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:32 mybox sshd[11958]: error: Could not get shadow information for NOUSER
Jun 20 10:15:32 mybox sshd[11958]: Failed password for invalid user pgsql from 211.138.113.227 port 4319 ssh2
Jun 20 10:15:32 mybox sshd[11959]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:32 mybox sshd[11959]: error: Could not get shadow information for NOUSER
Jun 20 10:15:32 mybox sshd[11959]: Failed password for invalid user pgsql from 211.138.113.227 port 4320 ssh2
Jun 20 10:15:33 mybox sshd[11963]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:33 mybox sshd[11963]: error: Could not get shadow information for NOUSER
Jun 20 10:15:33 mybox sshd[11963]: Failed password for invalid user pgsql from 211.138.113.227 port 4329 ssh2
Jun 20 10:15:33 mybox sshd[11964]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:33 mybox sshd[11964]: error: Could not get shadow information for NOUSER
Jun 20 10:15:33 mybox sshd[11964]: Failed password for invalid user pgsql from 211.138.113.227 port 4331 ssh2
Jun 20 10:15:33 mybox sshd[11967]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:33 mybox sshd[11967]: error: Could not get shadow information for NOUSER
Jun 20 10:15:33 mybox sshd[11967]: Failed password for invalid user pgsql from 211.138.113.227 port 4341 ssh2
Jun 20 10:15:33 mybox sshd[11969]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:34 mybox sshd[11969]: error: Could not get shadow information for NOUSER
Jun 20 10:15:34 mybox sshd[11969]: Failed password for invalid user pgsql from 211.138.113.227 port 4353 ssh2
Jun 20 10:15:34 mybox sshd[11971]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:34 mybox sshd[11971]: error: Could not get shadow information for NOUSER
Jun 20 10:15:34 mybox sshd[11971]: Failed password for invalid user pgsql from 211.138.113.227 port 4371 ssh2
Jun 20 10:15:34 mybox sshd[11973]: User mail from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:34 mybox sshd[11973]: error: Could not get shadow information for NOUSER
Jun 20 10:15:34 mybox sshd[11973]: Failed password for invalid user mail from 211.138.113.227 port 4379 ssh2
Jun 20 10:15:34 mybox sshd[11975]: User mail from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:34 mybox sshd[11975]: error: Could not get shadow information for NOUSER
Jun 20 10:15:34 mybox sshd[11975]: Failed password for invalid user mail from 211.138.113.227 port 4382 ssh2
Jun 20 10:15:34 mybox sshd[11974]: User mail from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:34 mybox sshd[11974]: error: Could not get shadow information for NOUSER
Jun 20 10:15:34 mybox sshd[11974]: Failed password for invalid user mail from 211.138.113.227 port 4381 ssh2
Jun 20 10:15:35 mybox sshd[11979]: User mail from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:35 mybox sshd[11979]: error: Could not get shadow information for NOUSER
Jun 20 10:15:35 mybox sshd[11979]: Failed password for invalid user mail from 211.138.113.227 port 4385 ssh2
Jun 20 10:15:35 mybox sshd[11980]: User mail from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:35 mybox sshd[11980]: error: Could not get shadow information for NOUSER
Jun 20 10:15:35 mybox sshd[11980]: Failed password for invalid user mail from 211.138.113.227 port 4387 ssh2
Jun 20 10:15:35 mybox sshd[11983]: User mail from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:35 mybox sshd[11983]: error: Could not get shadow information for NOUSER
Jun 20 10:15:35 mybox sshd[11983]: Failed password for invalid user mail from 211.138.113.227 port 4397 ssh2
Jun 20 10:15:35 mybox sshd[11985]: User mail from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:35 mybox sshd[11985]: error: Could not get shadow information for NOUSER
Jun 20 10:15:35 mybox sshd[11985]: Failed password for invalid user mail from 211.138.113.227 port 4411 ssh2
Jun 20 10:15:36 mybox sshd[11987]: Invalid user pgsql from 211.138.113.227
Jun 20 10:15:36 mybox sshd[11987]: error: Could not get shadow information for NOUSER
Jun 20 10:15:36 mybox sshd[11987]: Failed password for invalid user pgsql from 211.138.113.227 port 4429 ssh2
Jun 20 10:15:36 mybox sshd[11989]: User adm from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:36 mybox sshd[11989]: error: Could not get shadow information for NOUSER
Jun 20 10:15:36 mybox sshd[11989]: Failed password for invalid user adm from 211.138.113.227 port 4440 ssh2
Jun 20 10:15:36 mybox sshd[11990]: User adm from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:36 mybox sshd[11991]: User adm from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:36 mybox sshd[11990]: error: Could not get shadow information for NOUSER
Jun 20 10:15:36 mybox sshd[11990]: Failed password for invalid user adm from 211.138.113.227 port 4441 ssh2
Jun 20 10:15:36 mybox sshd[11991]: error: Could not get shadow information for NOUSER
Jun 20 10:15:36 mybox sshd[11991]: Failed password for invalid user adm from 211.138.113.227 port 4442 ssh2
Jun 20 10:15:37 mybox sshd[11995]: User adm from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:37 mybox sshd[11995]: error: Could not get shadow information for NOUSER
Jun 20 10:15:37 mybox sshd[11995]: Failed password for invalid user adm from 211.138.113.227 port 4449 ssh2
Jun 20 10:15:37 mybox sshd[11996]: User adm from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:37 mybox sshd[11996]: error: Could not get shadow information for NOUSER
Jun 20 10:15:37 mybox sshd[11996]: Failed password for invalid user adm from 211.138.113.227 port 4452 ssh2
Jun 20 10:15:37 mybox sshd[11999]: User adm from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:37 mybox sshd[11999]: error: Could not get shadow information for NOUSER
Jun 20 10:15:37 mybox sshd[11999]: Failed password for invalid user adm from 211.138.113.227 port 4465 ssh2
Jun 20 10:15:37 mybox sshd[12001]: User adm from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:37 mybox sshd[12001]: error: Could not get shadow information for NOUSER
Jun 20 10:15:37 mybox sshd[12001]: Failed password for invalid user adm from 211.138.113.227 port 4477 ssh2
Jun 20 10:15:38 mybox sshd[12004]: User mail from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:38 mybox sshd[12004]: error: Could not get shadow information for NOUSER
Jun 20 10:15:38 mybox sshd[12004]: Failed password for invalid user mail from 211.138.113.227 port 4492 ssh2
Jun 20 10:15:38 mybox sshd[12006]: Invalid user ident from 211.138.113.227
Jun 20 10:15:38 mybox sshd[12007]: Invalid user ident from 211.138.113.227
Jun 20 10:15:38 mybox sshd[12006]: error: Could not get shadow information for NOUSER
Jun 20 10:15:38 mybox sshd[12006]: Failed password for invalid user ident from 211.138.113.227 port 4506 ssh2
Jun 20 10:15:38 mybox sshd[12007]: error: Could not get shadow information for NOUSER
Jun 20 10:15:38 mybox sshd[12007]: Failed password for invalid user ident from 211.138.113.227 port 4507 ssh2
Jun 20 10:15:39 mybox sshd[12010]: Invalid user ident from 211.138.113.227
Jun 20 10:15:39 mybox sshd[12010]: error: Could not get shadow information for NOUSER
Jun 20 10:15:39 mybox sshd[12010]: Failed password for invalid user ident from 211.138.113.227 port 4510 ssh2
Jun 20 10:15:39 mybox sshd[12011]: Invalid user ident from 211.138.113.227
Jun 20 10:15:39 mybox sshd[12011]: error: Could not get shadow information for NOUSER
Jun 20 10:15:39 mybox sshd[12011]: Failed password for invalid user ident from 211.138.113.227 port 4512 ssh2
Jun 20 10:15:39 mybox sshd[12014]: Invalid user ident from 211.138.113.227
Jun 20 10:15:39 mybox sshd[12014]: error: Could not get shadow information for NOUSER
Jun 20 10:15:39 mybox sshd[12014]: Failed password for invalid user ident from 211.138.113.227 port 4521 ssh2
Jun 20 10:15:39 mybox sshd[12015]: Invalid user ident from 211.138.113.227
Jun 20 10:15:39 mybox sshd[12015]: error: Could not get shadow information for NOUSER
Jun 20 10:15:39 mybox sshd[12015]: Failed password for invalid user ident from 211.138.113.227 port 4532 ssh2
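As an added illustration of what blockhosts.py does when it actually gets run (this is example code written for this thread, not the BlockHosts script itself), the block below tallies the "Failed password" lines of a /var/log/secure excerpt per source address, applies a whitelist, and emits hosts.allow-style deny lines for addresses over a threshold. The first lines of the sample are taken from the log posted above; the 192.0.2.10 and 198.51.100.7 lines, the threshold, and the deny-line format are constructed for the example and are not BlockHosts' own.

```python
"""Tally failed sshd logins per source address from /var/log/secure-style
lines.  Added example for this thread; the regex, the threshold and the
deny-line format are this example's own, not those of blockhosts.py."""
import re
from collections import Counter

# Constructed sample: the first seven lines come from the log posted in the
# thread, the remaining ones are made up to show whitelisting and that an
# "Accepted" line is not counted.
SAMPLE_LOG = """\
Jun 20 10:15:29 mybox sshd[11926]: User games from 211.138.113.227 not allowed because not listed in AllowUsers
Jun 20 10:15:29 mybox sshd[11926]: error: Could not get shadow information for NOUSER
Jun 20 10:15:29 mybox sshd[11926]: Failed password for invalid user games from 211.138.113.227 port 4196 ssh2
Jun 20 10:15:30 mybox sshd[11939]: Invalid user angel from 211.138.113.227
Jun 20 10:15:30 mybox sshd[11939]: Failed password for invalid user angel from 211.138.113.227 port 4246 ssh2
Jun 20 10:15:30 mybox sshd[11941]: Failed password for invalid user pgsql from 211.138.113.227 port 4252 ssh2
Jun 20 10:15:34 mybox sshd[11973]: Failed password for invalid user mail from 211.138.113.227 port 4379 ssh2
Jun 20 10:16:02 mybox sshd[12101]: Failed password for root from 192.0.2.10 port 50222 ssh2
Jun 20 10:16:05 mybox sshd[12102]: Failed password for alice from 192.0.2.10 port 50230 ssh2
Jun 20 10:16:05 mybox sshd[12102]: Failed password for alice from 192.0.2.10 port 50230 ssh2
Jun 20 10:16:10 mybox sshd[12105]: Accepted publickey for alice from 198.51.100.7 port 41000 ssh2
Jun 20 10:16:12 mybox sshd[12106]: Failed password for bob from 198.51.100.7 port 41002 ssh2
"""

# Only the "Failed password" line is counted.  The "not allowed because not
# listed in AllowUsers" and "Could not get shadow information" lines that
# accompany it describe the same attempt, so counting them too would
# triple-count a single connection.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[(?P<pid>\d+)\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_failures(lines):
    """Return one dict per failed-password line (ts, pid, user, ip, port)."""
    out = []
    for line in lines:
        m = FAILED_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["port"] = int(rec["port"])
            out.append(rec)
    return out


def failures_per_ip(lines):
    """Counter of failed attempts keyed by source address."""
    return Counter(rec["ip"] for rec in parse_failures(lines))


def offenders(lines, threshold, whitelist=()):
    """Addresses with at least `threshold` failures that are not whitelisted."""
    allowed = set(whitelist)
    counts = failures_per_ip(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allowed)


def deny_rules(ips, daemon="sshd"):
    """hosts.allow-style deny lines for the offenders (format is this example's own)."""
    return "\n".join(f"{daemon}: {ip} : deny" for ip in ips)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, n in failures_per_ip(lines).most_common():
        print(f"{ip:16} {n} failed attempt(s)")
    # Constructed policy: block after 3 failures, never block 192.0.2.10.
    print(deny_rules(offenders(lines, 3, whitelist=["192.0.2.10"])))
```

Running it against the full /var/log/secure would need nothing more than replacing SAMPLE_LOG with the file's lines; the interesting part for this thread is that the tally is exactly what the spawned command would have produced had tcp_wrappers actually invoked it.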

Try removing "spawn" from

Try removing "spawn" from the line in hosts.allow; that extension might not have been compiled into your tcpd.

No change without 'spawn'.

No change without 'spawn'.

Ditch "%c-%s"

I am speaking out of an AIX box, so YMMV...

My version of sshd barfed at the "%c-%s" tag in the spawn command.
I replaced it with: "`date`" and it seems to be working (that's back-ticks around date). I got the clue from the sshd syslog file. You may just want to skip the entire --echo ... 2>&1 stuff first, as an experiment.

I had already done

I had already done that.

There is no date in my echo, my line is
sshd: ALL: spawn (/usr/bin/blockhosts.py --verbose >> /var/log/blockhosts.log 2>&1 )& : allow

Have you checked that

Have you checked that tcp_wrappers works as it is supposed to? Like

all: all: spawn (echo "blah, blah,... from %h" >> /tmp/blahout)& : allow

in /etc/hosts.allow, and see if you get entries in /tmp/blahout from a non white-listed site?
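To make the test above, and the original spawn line, easier to reason about, here is an added example (written for this thread, not part of tcp_wrappers or BlockHosts) that parses a hosts.allow rule into its daemon list, client list and options, pulls out the spawn command, and performs the %-expansions tcpd does before handing that command to the shell. The expansion rules follow the subset of hosts_access(5) escapes shown (%a, %c, %d, %h, %p, %s, %u, %%); the exact set of characters tcpd keeps when it replaces shell-unsafe characters with underscores is an assumption here, as is the connection context dictionary.

```python
"""Parse hosts.allow rules and expand tcpd's %-escapes.  Added example for
this thread; not tcp_wrappers code.  The sanitizer's character set and the
`conn` dictionary layout are this example's assumptions."""
import re


def split_fields(line):
    """Split one rule on ':' separators; a backslash-escaped '\\:' is a literal colon."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line.startswith("\\:", i):
            cur.append(":")
            i += 2
            continue
        if line[i] == ":":
            fields.append("".join(cur).strip())
            cur = []
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur).strip())
    return fields


def parse_rule(line):
    """Return {'daemons', 'clients', 'options'} for a rule line, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = split_fields(line)
    if len(fields) < 2:
        raise ValueError(f"need at least 'daemon_list : client_list': {line!r}")
    # daemon and client lists are separated by blanks and/or commas
    listify = lambda f: [x for x in re.split(r"[,\s]+", f) if x]
    return {"daemons": listify(fields[0]),
            "clients": listify(fields[1]),
            "options": fields[2:]}


def spawn_command(rule):
    """The shell command text of a 'spawn' option, or None if the rule has none."""
    for opt in rule["options"]:
        if opt.startswith("spawn"):
            return opt[len("spawn"):].strip()
    return None


# hosts_access(5) says characters that may confuse the shell are replaced by
# underscores; which characters survive is an assumption of this example.
_UNSAFE = re.compile(r"[^A-Za-z0-9@.\-_:/]")


def expand(command, conn):
    """Expand %a %c %d %h %p %s %u %% in `command` from a connection context dict.

    conn keys (example's own layout): client_addr, client_host (optional),
    user (optional), daemon, server_host (optional), pid (optional).
    """
    def value(code):
        host = conn.get("client_host") or conn["client_addr"]
        if code == "a":
            return conn["client_addr"]
        if code == "h":
            return host
        if code == "c":   # user@host when the user is known, else just the host
            return f'{conn["user"]}@{host}' if conn.get("user") else host
        if code == "d":
            return conn["daemon"]
        if code == "p":
            return str(conn.get("pid", 0))
        if code == "s":   # daemon@server when the server host is known
            return f'{conn["daemon"]}@{conn["server_host"]}' if conn.get("server_host") else conn["daemon"]
        if code == "u":
            return conn.get("user") or "unknown"
        raise ValueError(f"unknown expansion %{code}")

    def repl(m):
        code = m.group(1)
        return "%" if code == "%" else _UNSAFE.sub("_", value(code))

    return re.sub(r"%(.)", repl, command)


if __name__ == "__main__":
    # The line from the original post, and a constructed connection context.
    rule = parse_rule('sshd: ALL: spawn (/usr/bin/blockhosts.py --verbose --echo "%c-%s" '
                      '>> /var/log/blockhosts.log 2>&1 )& : allow')
    conn = {"client_addr": "211.138.113.227", "daemon": "sshd", "server_host": "mybox", "pid": 11926}
    print(rule)
    print(expand(spawn_command(rule), conn))
```

A rule that parses into the expected three-or-more fields but still never fires is therefore not a syntax problem; at that point the question moves to whether tcpd's spawn extension, or tcp_wrappers as a whole, is actually in the path of the connection.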

TCP_Wrappers is NOT

TCP_Wrappers is NOT working!

Ouch. I don't know when this happened, it was working originally.

I'm on a CentOS box, what should I check/change?

Tcp_wrappers not working...

tcp_wrappers was originally intended to "wrap" daemons spawned by inetd. Using it to control stand-alone daemons such as sshd is achieved by linking libwrap.a to sshd when compiling the latter.

So, if tcp_wrappers does work for non-sshd connections, but not with ssh, then you have a version of OpenSSH that has not been compiled with libwrap.a.

Also, tcp_wrappers can be implemented in two ways to handle inetd's children: either by modifying entries in the /etc/inetd.conf file, or by moving the daemon executables (normally in /usr/sbin) to some non-standard location and replacing them by tcpd.

If all else fails, you can start from scratch by compiling tcp_wrappers and OpenSSH and reconfiguring your inetd.