warning: cannot open /etc/hosts.allow: Permission denied

Issues related to applications and software problems
MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by MartinR » 2020/04/27 09:06:11

@becho - a gentle reminder that everyone here is a volunteer helping you out in their own time and subject to the demands of work, family and social life. You may have a major problem, we don't. Adding a tag like "can you respond soon please" is neither helpful nor friendly.

becho
Posts: 13
Joined: 2020/04/21 13:45:59

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by becho » 2020/04/27 09:20:59

Sorry if it seems something unfriendly i just requesting politely if i can get a response sooner :?
i understand you mayn't respond if you can't
Have a nice day!

stevemowbray
Posts: 519
Joined: 2012/06/26 14:20:47

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by stevemowbray » 2020/04/27 11:53:16

I suspect you've messed up more permissions than those you've fixed so far. You can verify all the files owned by packages with "rpm -Va".

becho
Posts: 13
Joined: 2020/04/21 13:45:59

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by becho » 2020/04/30 10:39:05

Thanks a lot for the reply
I have checked most of the packages
I have found this
rpm -V nfs-utils
.M....... /sbin/mount.nfs
i cannot fix it with rpm --setperms and --setugids
Will this be the issue for failed nfs-lock service?
systemctl status nfs-lock
● rpc-statd.service - NFS status monitor for NFSv2/3 locking.
Loaded: loaded (/usr/lib/systemd/system/rpc-statd.service; static; vendor preset: disabled)
Active: failed (Result: exit-code) since 2020-04-30 09:49:30 UTC; 31min ago
Process: 1606 ExecStart=/usr/sbin/rpc.statd $STATDARGS (code=exited, status=1/FAILURE)

.local systemd[1]: Starting NFS status monitor for NFSv2/3 loc.....
.local rpc.statd[1613]: Version 1.3.0 starting
.local rpc.statd[1613]: Flags: TI-RPC
.local rpc.statd[1613]: Failed to access local netconfig datab...nd
.local systemd[1]: rpc-statd.service: control process exited, ...=1
.local systemd[1]: Failed to start NFS status monitor for NFSv.....
.local systemd[1]: Unit rpc-statd.service entered failed state.
.local systemd[1]: rpc-statd.service failed.

can you help on this?

becho
Posts: 13
Joined: 2020/04/21 13:45:59

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by becho » 2020/05/12 08:53:43

Has anyone checked this? I m still having the issue. Please help.

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by lightman47 » 2020/05/12 11:20:58

When I messed up permissions badly and yum reinstall didn't fix it, I wound up doing a clean system install. I didn't want to, but it fixed the problem.

becho
Posts: 13
Joined: 2020/04/21 13:45:59

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by becho » 2020/05/12 13:46:02

Do you mean reinstalling the OS again? I can't do that as a lot of configurations, VMs ...involved I would appreciate fixing it with our installing system again

becho
Posts: 13
Joined: 2020/04/21 13:45:59

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by becho » 2020/05/12 13:48:28

checking rpm -Va shows a lot of folders mode being differed. I can't identify by which package or shall I fix each folder permission? Please help. This is the result from rpm -Va
rpm -Va
.M....... /usr/sbin/postdrop
.M....... /usr/sbin/postqueue
.M....... g /etc/lvm/cache/.cache
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.py
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.pyc
.M....... /usr/lib64/python2.7/site-packages/selinux/__init__.pyo
.M....... /usr/bin/ssh-agent
.M....... d /usr/share/man/man5/booleans.5.gz
.M....... d /usr/share/man/man5/customizable_types.5.gz
.M....... d /usr/share/man/man5/default_contexts.5.gz
.M....... d /usr/share/man/man5/default_type.5.gz
.M....... d /usr/share/man/man5/failsafe_context.5.gz
.M....... d /usr/share/man/man5/file_contexts.5.gz
.M....... d /usr/share/man/man5/file_contexts.homedirs.5.gz
.M....... d /usr/share/man/man5/file_contexts.local.5.gz
.M....... d /usr/share/man/man5/file_contexts.subs.5.gz
.M....... d /usr/share/man/man5/file_contexts.subs_dist.5.gz
.M....... d /usr/share/man/man5/local.users.5.gz
.M....... d /usr/share/man/man5/media.5.gz
.M....... d /usr/share/man/man5/removable_context.5.gz
.M....... d /usr/share/man/man5/secolor.conf.5.gz
.M....... d /usr/share/man/man5/securetty_types.5.gz
.M....... d /usr/share/man/man5/selabel_db.5.gz
.M....... d /usr/share/man/man5/selabel_file.5.gz
.M....... d /usr/share/man/man5/selabel_media.5.gz
.M....... d /usr/share/man/man5/selabel_x.5.gz
.M....... d /usr/share/man/man5/sepgsql_contexts.5.gz
.M....... d /usr/share/man/man5/service_seusers.5.gz
.M....... d /usr/share/man/man5/seusers.5.gz
.M....... d /usr/share/man/man5/user_contexts.5.gz
.M....... d /usr/share/man/man5/virtual_domain_context.5.gz
.M....... d /usr/share/man/man5/virtual_image_context.5.gz
.M....... d /usr/share/man/man5/x_contexts.5.gz
.M....... d /usr/share/man/man8/avcstat.8.gz
.M....... d /usr/share/man/man8/booleans.8.gz
.M....... d /usr/share/man/man8/getenforce.8.gz
.M....... d /usr/share/man/man8/getsebool.8.gz
.M....... d /usr/share/man/man8/matchpathcon.8.gz
.M....... d /usr/share/man/man8/sefcontext_compile.8.gz
.M....... d /usr/share/man/man8/selinux.8.gz
.M....... d /usr/share/man/man8/selinuxconlist.8.gz
.M....... d /usr/share/man/man8/selinuxdefcon.8.gz
.M....... d /usr/share/man/man8/selinuxenabled.8.gz
.M....... d /usr/share/man/man8/selinuxexeccon.8.gz
.M....... d /usr/share/man/man8/setenforce.8.gz
.M....... /usr/libexec/utempter/utempter
.M....... /usr/libexec/dbus-1/dbus-daemon-launch-helper
.M....... /boot
.M....... /etc
.M....... /etc/X11
.M....... /etc/X11/applnk
.M....... /etc/X11/fontpath.d
.M....... /etc/opt
.M....... /etc/pki
.M....... /etc/pm
.M....... /etc/pm/config.d
.M....... /etc/pm/power.d
.M....... /etc/pm/sleep.d
.M....... /etc/skel
.M....... /etc/sysconfig
.M....... /etc/xdg
.M....... /etc/xdg/autostart
.M....... /etc/xinetd.d
......G.. /home
.M....... /root
.M....... /usr/bin
.M....... /usr/lib
.M....... /usr/lib/games
.M....... /usr/lib/sse2
.M....... /usr/lib64
.M....... /usr/lib64/X11
.M....... /usr/lib64/games
.M....... /usr/lib64/pm-utils
.M....... /usr/lib64/pm-utils/module.d
.M....... /usr/lib64/pm-utils/power.d
.M....... /usr/lib64/pm-utils/sleep.d
.M....... /usr/lib64/sse2
.M....... /usr/lib64/tls
.M....... /usr/sbin
.M....... /usr/share/empty
.M....... /var/spool/mail
.......T. c /etc/openldap/ldap.conf
.M....... /usr/bin/locate
.M....... d /usr/share/man/man1/hardlink.1.gz
.M....... c /etc/default/grub
.M....... c /boot/grub2/grub.cfg
S.5....T. c /etc/sysconfig/authconfig
S.5....T. c /etc/hosts.allow
.M....... c /etc/tuned/active_profile
.M....... c /etc/tuned/profile_mode
....L.... c /etc/pam.d/fingerprint-auth
....L.... c /etc/pam.d/password-auth
....L.... c /etc/pam.d/postlogin
....L.... c /etc/pam.d/smartcard-auth
....L.... c /etc/pam.d/system-auth
.M....... /usr/sbin/pam_timestamp_check
.M....... /usr/sbin/unix_chkpwd
.M....... /usr/bin/screen
.M....... /usr/bin/wall
.M....... /sbin/mount.nfs
........P /usr/bin/ping
........P /usr/sbin/arping
........P /usr/sbin/clockdiff
S.5....T. c /etc/fail2ban/jail.conf
.M....... c /root/.bash_logout
.M....... c /root/.bash_profile
.M....... c /root/.bashrc
.M....... c /root/.cshrc
.M....... c /root/.tcshrc
.M....... /usr/lib/tmpfiles.d/libselinux.conf
..5....T. c /etc/yum.repos.d/CentOS-Vault.repo
.M....... /usr/libexec/openssh/ssh-keysign
.M....... c /etc/sysconfig/kernel

pjsr2
Posts: 614
Joined: 2014/03/27 20:11:07

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by pjsr2 » 2020/05/12 14:39:36

First of all, if you do not have a good explanation why all the files/directories had their permissions changed you have to consider that your system has been broken into and is compromised.

Code: Select all

rpm -q -f /usr/sbin/postdrop
tells you that /usr/sbin/postdrop belongs to the postfix package.
So fix the permissions for files directories provided by the postfix package with:

Code: Select all

rpm --setperm postfix
Continue with other packages, until you have fixed all problems reported by

Code: Select all

rpm -V -a
S.5....T. c /etc/sysconfig/authconfig
S.5....T. c /etc/hosts.allow
S.5....T. c /etc/fail2ban/jail.conf
..5....T. c /etc/yum.repos.d/CentOS-Vault.repo
These files are changed. Check that the altered content is OK. Are you compromised?
....L.... c /etc/pam.d/fingerprint-auth
....L.... c /etc/pam.d/password-auth
....L.... c /etc/pam.d/postlogin
....L.... c /etc/pam.d/smartcard-auth
....L.... c /etc/pam.d/system-auth
What is going on with these links? Where are they pointing to? Again: are you compromised?

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: warning: cannot open /etc/hosts.allow: Permission denied

Post by lightman47 » 2020/05/12 14:40:45

I don't see a fix for this as even within folders permissions often differ by file. As a last-ditch attempt to avoid a rebuild, you might try "yum reinstall \*.\*" - it's going to take a while. You'll have to do it on each machine for which groups were changed. If that followed by a reboot doesn't fix it, back up your data and config files and get out your installation media. On the new install, guard against permission changes, especially with wildcards and "-R".

Sorry - unless someone else here knows other magic that would help ...

Post Reply