warning: cannot open /etc/hosts.allow: Permission denied
Re: warning: cannot open /etc/hosts.allow: Permission denied
@becho - a gentle reminder that everyone here is a volunteer helping you out in their own time and subject to the demands of work, family and social life. You may have a major problem, we don't. Adding a tag like "can you respond soon please" is neither helpful nor friendly.
Re: warning: cannot open /etc/hosts.allow: Permission denied
Sorry if it seems something unfriendly i just requesting politely if i can get a response sooner
i understand you mayn't respond if you can't
Have a nice day!
i understand you mayn't respond if you can't
Have a nice day!
-
- Posts: 519
- Joined: 2012/06/26 14:20:47
Re: warning: cannot open /etc/hosts.allow: Permission denied
I suspect you've messed up more permissions than those you've fixed so far. You can verify all the files owned by packages with "rpm -Va".
Re: warning: cannot open /etc/hosts.allow: Permission denied
Thanks a lot for the reply
I have checked most of the packages
I have found this
rpm -V nfs-utils
.M....... /sbin/mount.nfs
i cannot fix it with rpm --setperms and --setugids
Will this be the issue for failed nfs-lock service?
systemctl status nfs-lock
● rpc-statd.service - NFS status monitor for NFSv2/3 locking.
Loaded: loaded (/usr/lib/systemd/system/rpc-statd.service; static; vendor preset: disabled)
Active: failed (Result: exit-code) since 2020-04-30 09:49:30 UTC; 31min ago
Process: 1606 ExecStart=/usr/sbin/rpc.statd $STATDARGS (code=exited, status=1/FAILURE)
.local systemd[1]: Starting NFS status monitor for NFSv2/3 loc.....
.local rpc.statd[1613]: Version 1.3.0 starting
.local rpc.statd[1613]: Flags: TI-RPC
.local rpc.statd[1613]: Failed to access local netconfig datab...nd
.local systemd[1]: rpc-statd.service: control process exited, ...=1
.local systemd[1]: Failed to start NFS status monitor for NFSv.....
.local systemd[1]: Unit rpc-statd.service entered failed state.
.local systemd[1]: rpc-statd.service failed.
can you help on this?
I have checked most of the packages
I have found this
rpm -V nfs-utils
.M....... /sbin/mount.nfs
i cannot fix it with rpm --setperms and --setugids
Will this be the issue for failed nfs-lock service?
systemctl status nfs-lock
● rpc-statd.service - NFS status monitor for NFSv2/3 locking.
Loaded: loaded (/usr/lib/systemd/system/rpc-statd.service; static; vendor preset: disabled)
Active: failed (Result: exit-code) since 2020-04-30 09:49:30 UTC; 31min ago
Process: 1606 ExecStart=/usr/sbin/rpc.statd $STATDARGS (code=exited, status=1/FAILURE)
.local systemd[1]: Starting NFS status monitor for NFSv2/3 loc.....
.local rpc.statd[1613]: Version 1.3.0 starting
.local rpc.statd[1613]: Flags: TI-RPC
.local rpc.statd[1613]: Failed to access local netconfig datab...nd
.local systemd[1]: rpc-statd.service: control process exited, ...=1
.local systemd[1]: Failed to start NFS status monitor for NFSv.....
.local systemd[1]: Unit rpc-statd.service entered failed state.
.local systemd[1]: rpc-statd.service failed.
can you help on this?
Re: warning: cannot open /etc/hosts.allow: Permission denied
Has anyone checked this? I m still having the issue. Please help.
-
- Posts: 1521
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: warning: cannot open /etc/hosts.allow: Permission denied
When I messed up permissions badly and yum reinstall didn't fix it, I wound up doing a clean system install. I didn't want to, but it fixed the problem.
Re: warning: cannot open /etc/hosts.allow: Permission denied
Do you mean reinstalling the OS again? I can't do that as a lot of configurations, VMs ...involved I would appreciate fixing it with our installing system again
Re: warning: cannot open /etc/hosts.allow: Permission denied
checking rpm -Va shows a lot of folders mode being differed. I can't identify by which package or shall I fix each folder permission? Please help. This is the result from rpm -Va
rpm -Va
.M....... /usr/sbin/postdrop
.M....... /usr/sbin/postqueue
.M....... g /etc/lvm/cache/.cache
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.py
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.pyc
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.pyo
.M....... /usr/bin/ssh-agent
.M....... d /usr/share/man/man5/booleans.5.gz
.M....... d /usr/share/man/man5/customizable_types.5.gz
.M....... d /usr/share/man/man5/default_contexts.5.gz
.M....... d /usr/share/man/man5/default_type.5.gz
.M....... d /usr/share/man/man5/failsafe_context.5.gz
.M....... d /usr/share/man/man5/file_contexts.5.gz
.M....... d /usr/share/man/man5/file_contexts.homedirs.5.gz
.M....... d /usr/share/man/man5/file_contexts.local.5.gz
.M....... d /usr/share/man/man5/file_contexts.subs.5.gz
.M....... d /usr/share/man/man5/file_contexts.subs_dist.5.gz
.M....... d /usr/share/man/man5/local.users.5.gz
.M....... d /usr/share/man/man5/media.5.gz
.M....... d /usr/share/man/man5/removable_context.5.gz
.M....... d /usr/share/man/man5/secolor.conf.5.gz
.M....... d /usr/share/man/man5/securetty_types.5.gz
.M....... d /usr/share/man/man5/selabel_db.5.gz
.M....... d /usr/share/man/man5/selabel_file.5.gz
.M....... d /usr/share/man/man5/selabel_media.5.gz
.M....... d /usr/share/man/man5/selabel_x.5.gz
.M....... d /usr/share/man/man5/sepgsql_contexts.5.gz
.M....... d /usr/share/man/man5/service_seusers.5.gz
.M....... d /usr/share/man/man5/seusers.5.gz
.M....... d /usr/share/man/man5/user_contexts.5.gz
.M....... d /usr/share/man/man5/virtual_domain_context.5.gz
.M....... d /usr/share/man/man5/virtual_image_context.5.gz
.M....... d /usr/share/man/man5/x_contexts.5.gz
.M....... d /usr/share/man/man8/avcstat.8.gz
.M....... d /usr/share/man/man8/booleans.8.gz
.M....... d /usr/share/man/man8/getenforce.8.gz
.M....... d /usr/share/man/man8/getsebool.8.gz
.M....... d /usr/share/man/man8/matchpathcon.8.gz
.M....... d /usr/share/man/man8/sefcontext_compile.8.gz
.M....... d /usr/share/man/man8/selinux.8.gz
.M....... d /usr/share/man/man8/selinuxconlist.8.gz
.M....... d /usr/share/man/man8/selinuxdefcon.8.gz
.M....... d /usr/share/man/man8/selinuxenabled.8.gz
.M....... d /usr/share/man/man8/selinuxexeccon.8.gz
.M....... d /usr/share/man/man8/setenforce.8.gz
.M....... /usr/libexec/utempter/utempter
.M....... /usr/libexec/dbus-1/dbus-daemon-launch-helper
.M....... /boot
.M....... /etc
.M....... /etc/X11
.M....... /etc/X11/applnk
.M....... /etc/X11/fontpath.d
.M....... /etc/opt
.M....... /etc/pki
.M....... /etc/pm
.M....... /etc/pm/config.d
.M....... /etc/pm/power.d
.M....... /etc/pm/sleep.d
.M....... /etc/skel
.M....... /etc/sysconfig
.M....... /etc/xdg
.M....... /etc/xdg/autostart
.M....... /etc/xinetd.d
......G.. /home
.M....... /root
.M....... /usr/bin
.M....... /usr/lib
.M....... /usr/lib/games
.M....... /usr/lib/sse2
.M....... /usr/lib64
.M....... /usr/lib64/X11
.M....... /usr/lib64/games
.M....... /usr/lib64/pm-utils
.M....... /usr/lib64/pm-utils/module.d
.M....... /usr/lib64/pm-utils/power.d
.M....... /usr/lib64/pm-utils/sleep.d
.M....... /usr/lib64/sse2
.M....... /usr/lib64/tls
.M....... /usr/sbin
.M....... /usr/share/empty
.M....... /var/spool/mail
.......T. c /etc/openldap/ldap.conf
.M....... /usr/bin/locate
.M....... d /usr/share/man/man1/hardlink.1.gz
.M....... c /etc/default/grub
.M....... c /boot/grub2/grub.cfg
S.5....T. c /etc/sysconfig/authconfig
S.5....T. c /etc/hosts.allow
.M....... c /etc/tuned/active_profile
.M....... c /etc/tuned/profile_mode
....L.... c /etc/pam.d/fingerprint-auth
....L.... c /etc/pam.d/password-auth
....L.... c /etc/pam.d/postlogin
....L.... c /etc/pam.d/smartcard-auth
....L.... c /etc/pam.d/system-auth
.M....... /usr/sbin/pam_timestamp_check
.M....... /usr/sbin/unix_chkpwd
.M....... /usr/bin/screen
.M....... /usr/bin/wall
.M....... /sbin/mount.nfs
........P /usr/bin/ping
........P /usr/sbin/arping
........P /usr/sbin/clockdiff
S.5....T. c /etc/fail2ban/jail.conf
.M....... c /root/.bash_logout
.M....... c /root/.bash_profile
.M....... c /root/.bashrc
.M....... c /root/.cshrc
.M....... c /root/.tcshrc
.M....... /usr/lib/tmpfiles.d/libselinux.conf
..5....T. c /etc/yum.repos.d/CentOS-Vault.repo
.M....... /usr/libexec/openssh/ssh-keysign
.M....... c /etc/sysconfig/kernel
rpm -Va
.M....... /usr/sbin/postdrop
.M....... /usr/sbin/postqueue
.M....... g /etc/lvm/cache/.cache
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.py
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.pyc
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.pyo
.M....... /usr/bin/ssh-agent
.M....... d /usr/share/man/man5/booleans.5.gz
.M....... d /usr/share/man/man5/customizable_types.5.gz
.M....... d /usr/share/man/man5/default_contexts.5.gz
.M....... d /usr/share/man/man5/default_type.5.gz
.M....... d /usr/share/man/man5/failsafe_context.5.gz
.M....... d /usr/share/man/man5/file_contexts.5.gz
.M....... d /usr/share/man/man5/file_contexts.homedirs.5.gz
.M....... d /usr/share/man/man5/file_contexts.local.5.gz
.M....... d /usr/share/man/man5/file_contexts.subs.5.gz
.M....... d /usr/share/man/man5/file_contexts.subs_dist.5.gz
.M....... d /usr/share/man/man5/local.users.5.gz
.M....... d /usr/share/man/man5/media.5.gz
.M....... d /usr/share/man/man5/removable_context.5.gz
.M....... d /usr/share/man/man5/secolor.conf.5.gz
.M....... d /usr/share/man/man5/securetty_types.5.gz
.M....... d /usr/share/man/man5/selabel_db.5.gz
.M....... d /usr/share/man/man5/selabel_file.5.gz
.M....... d /usr/share/man/man5/selabel_media.5.gz
.M....... d /usr/share/man/man5/selabel_x.5.gz
.M....... d /usr/share/man/man5/sepgsql_contexts.5.gz
.M....... d /usr/share/man/man5/service_seusers.5.gz
.M....... d /usr/share/man/man5/seusers.5.gz
.M....... d /usr/share/man/man5/user_contexts.5.gz
.M....... d /usr/share/man/man5/virtual_domain_context.5.gz
.M....... d /usr/share/man/man5/virtual_image_context.5.gz
.M....... d /usr/share/man/man5/x_contexts.5.gz
.M....... d /usr/share/man/man8/avcstat.8.gz
.M....... d /usr/share/man/man8/booleans.8.gz
.M....... d /usr/share/man/man8/getenforce.8.gz
.M....... d /usr/share/man/man8/getsebool.8.gz
.M....... d /usr/share/man/man8/matchpathcon.8.gz
.M....... d /usr/share/man/man8/sefcontext_compile.8.gz
.M....... d /usr/share/man/man8/selinux.8.gz
.M....... d /usr/share/man/man8/selinuxconlist.8.gz
.M....... d /usr/share/man/man8/selinuxdefcon.8.gz
.M....... d /usr/share/man/man8/selinuxenabled.8.gz
.M....... d /usr/share/man/man8/selinuxexeccon.8.gz
.M....... d /usr/share/man/man8/setenforce.8.gz
.M....... /usr/libexec/utempter/utempter
.M....... /usr/libexec/dbus-1/dbus-daemon-launch-helper
.M....... /boot
.M....... /etc
.M....... /etc/X11
.M....... /etc/X11/applnk
.M....... /etc/X11/fontpath.d
.M....... /etc/opt
.M....... /etc/pki
.M....... /etc/pm
.M....... /etc/pm/config.d
.M....... /etc/pm/power.d
.M....... /etc/pm/sleep.d
.M....... /etc/skel
.M....... /etc/sysconfig
.M....... /etc/xdg
.M....... /etc/xdg/autostart
.M....... /etc/xinetd.d
......G.. /home
.M....... /root
.M....... /usr/bin
.M....... /usr/lib
.M....... /usr/lib/games
.M....... /usr/lib/sse2
.M....... /usr/lib64
.M....... /usr/lib64/X11
.M....... /usr/lib64/games
.M....... /usr/lib64/pm-utils
.M....... /usr/lib64/pm-utils/module.d
.M....... /usr/lib64/pm-utils/power.d
.M....... /usr/lib64/pm-utils/sleep.d
.M....... /usr/lib64/sse2
.M....... /usr/lib64/tls
.M....... /usr/sbin
.M....... /usr/share/empty
.M....... /var/spool/mail
.......T. c /etc/openldap/ldap.conf
.M....... /usr/bin/locate
.M....... d /usr/share/man/man1/hardlink.1.gz
.M....... c /etc/default/grub
.M....... c /boot/grub2/grub.cfg
S.5....T. c /etc/sysconfig/authconfig
S.5....T. c /etc/hosts.allow
.M....... c /etc/tuned/active_profile
.M....... c /etc/tuned/profile_mode
....L.... c /etc/pam.d/fingerprint-auth
....L.... c /etc/pam.d/password-auth
....L.... c /etc/pam.d/postlogin
....L.... c /etc/pam.d/smartcard-auth
....L.... c /etc/pam.d/system-auth
.M....... /usr/sbin/pam_timestamp_check
.M....... /usr/sbin/unix_chkpwd
.M....... /usr/bin/screen
.M....... /usr/bin/wall
.M....... /sbin/mount.nfs
........P /usr/bin/ping
........P /usr/sbin/arping
........P /usr/sbin/clockdiff
S.5....T. c /etc/fail2ban/jail.conf
.M....... c /root/.bash_logout
.M....... c /root/.bash_profile
.M....... c /root/.bashrc
.M....... c /root/.cshrc
.M....... c /root/.tcshrc
.M....... /usr/lib/tmpfiles.d/libselinux.conf
..5....T. c /etc/yum.repos.d/CentOS-Vault.repo
.M....... /usr/libexec/openssh/ssh-keysign
.M....... c /etc/sysconfig/kernel
Re: warning: cannot open /etc/hosts.allow: Permission denied
First of all, if you do not have a good explanation why all the files/directories had their permissions changed you have to consider that your system has been broken into and is compromised.
tells you that /usr/sbin/postdrop belongs to the postfix package.
So fix the permissions for files directories provided by the postfix package with:
Continue with other packages, until you have fixed all problems reported by
Code: Select all
rpm -q -f /usr/sbin/postdrop
So fix the permissions for files directories provided by the postfix package with:
Code: Select all
rpm --setperm postfix
Code: Select all
rpm -V -a
These files are changed. Check that the altered content is OK. Are you compromised?S.5....T. c /etc/sysconfig/authconfig
S.5....T. c /etc/hosts.allow
S.5....T. c /etc/fail2ban/jail.conf
..5....T. c /etc/yum.repos.d/CentOS-Vault.repo
What is going on with these links? Where are they pointing to? Again: are you compromised?....L.... c /etc/pam.d/fingerprint-auth
....L.... c /etc/pam.d/password-auth
....L.... c /etc/pam.d/postlogin
....L.... c /etc/pam.d/smartcard-auth
....L.... c /etc/pam.d/system-auth
-
- Posts: 1521
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: warning: cannot open /etc/hosts.allow: Permission denied
I don't see a fix for this as even within folders permissions often differ by file. As a last-ditch attempt to avoid a rebuild, you might try "yum reinstall \*.\*" - it's going to take a while. You'll have to do it on each machine for which groups were changed. If that followed by a reboot doesn't fix it, back up your data and config files and get out your installation media. On the new install, guard against permission changes, especially with wildcards and "-R".
Sorry - unless someone else here knows other magic that would help ...
Sorry - unless someone else here knows other magic that would help ...