Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   hosts allow, posted by Susan James on Fri Nov 17 18:58:52 2017 
    icon2.gif   Re: hosts allow, posted by Andreas Luedeke on Sat Nov 18 19:36:57 2017 
       icon2.gif   Re: hosts allow, posted by Susan James on Tue Nov 21 01:27:06 2017 
          icon2.gif   Re: hosts allow, posted by Susan James on Thu Dec 7 21:54:58 2017 
             icon2.gif   Re: hosts allow, posted by Andreas Luedeke on Fri Dec 8 19:47:04 2017 
                icon2.gif   Re: hosts allow, posted by Stefan Ritt on Mon Dec 11 13:16:32 2017 
Message ID: 68712     Entry time: Mon Dec 11 13:16:32 2017     In reply to: 68711
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Question  OS: Linux  ELOG Version: 3.1.2-bd7 
Subject: Re: hosts allow 

Have you set

Resolve host names = 1

in the config file? If it still does not work, run "elogd -v" from the terminal and watch the output. You should see someting like:

Remote host "mpc1865.psi.ch" matches "ALL" in "Hosts deny". Access denied.
Remote host "mpc1865.psi.ch" matches ".lbl.gov" in "Hosts allow". Access granted.

 

Regards,
Stefan

Andreas Luedeke wrote:
Hi Susan,
the documentation states that you should start elogd with the -v option from the command line and look at the output. Did you try this?
You might post the output here to get further help.
Cheers
Andreas
Susan James wrote:

Hi All,

We're still having trouble with hosts.allow and hosts.deny.

We're trying to allow all of our domain  lbl.gov to the access list

for our logbooks.  But the combination below is not working.

==========================

[ below denies ALL ]

Hosts allow = .lbl.gov
Hosts deny = ALL

[ below denies ALL ]

Hosts deny = ALL

Hosts allow = .lbl.gov

========================
Can someone help?

Susan James wrote:

thanks for your quick reply.

the configuration is still not working.  See my entry below which denies everyone.

I've tried many different combinations of 'hosts allow and hosts deny'

we want to restrict all our logbooks to only domain lbl.gov

[ below denies ALL ]

Hosts allow = .lbl.gov
Hosts deny = ALL

[ below denies ALL ]

Hosts deny = ALL

Hosts allow = .lbl.gov
 

Can you help?

 

Andreas Luedeke wrote:

Hi Susan,

according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
  • Hosts allow = <list>
  • Hosts deny = <list>

These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:

  • Access will be granted when a host matches a pattern in "hosts allow".
  • Otherwise, access will be denied when a host matches a pattern in "hosts deny".
  • Otherwise, access will be granted.

These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.

 

Susan James wrote:

I'm trying to wrap our elog instance to our company domain which is lbl.gov

I add this entry below (without quotes) to elogd.cfg and it's not working.  the world can see our logbooks

" Hosts Allow = *.lbl.gov ".

can someone help?

 

 

 

 

 

 

 

ELOG V3.1.5-fe60aaf