Hello everyone. I currently have Mandrake Linux v9.1 installed with KDE.

Not sure if this info is needed for my question, but. When we installed the OS, we initially set the security to parinoid. Since then we have dropped it to high.

Now for the problem. Everytime the SSH server is restarted, it writes to the hosts.deny file:

ALL:ALL EXCEPT 127.0.0.1ENY


Why would it be doing this? We have taken the file permissions to read only and it still gets written to. I assume its because root is doing it. Does anyone know how to fix this problem?

I appreciate any and all help provided. Thank you.

Respectfully

WoodyH

Not sure if this info is needed for my question, but.
Yes, it's necessary to know. Whats that app again... It's Msec, innit? Or are you using something else, like Bastille?

Everytime the SSH server is restarted, it writes to the hosts.deny file
No, OpenSSH doesn't, it's either Msec, Bastille or whatever you're using.

Why would it be doing this?
Cuz translated it sez "connections restricted to the loopback device".

We have taken the file permissions to read only and it still gets written to.
That is a rather crude solution. IMHO you should look up the apps documents, check where you can customize behaviour, search the script for where/when/how it changes /etc/hosts.deny and then (probably) write a custom script to handle it or comment out the functionality. If you got ext2/3fs then you can also set the immutable bit on the file using "chattr", but you then will have to remember to always include checking TCP wrappers when troubleshooting network access problems wrt servers on the public interface.