Public bug reported:

Ubuntu version: 15.04
Package: libpam-shield, version 0.9.6-1.1

Allow statements in the configuration file (/etc/security/shield.conf)
aren't correctly matched against the connecting client if an IP-address
or network has been entered.

After trying to connect from my workstation at 172.16.0.52 I'm getting
this in auth.log.

May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: this is version 0.9.6
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: reading config file '/etc/security/shield.conf'
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: logging debug info
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: allowing from localhost
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: allowing from 127.0.0.1/255.0.0.0
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: allowing from 172.16.0.0/255.255.255.0
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: allowing from 172.16.0.52/255.255.255.255
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: done reading config file, 0 errors
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: user test
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: remotehost 172.16.0.52
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: missing DNS entry for 172.16.0.52 (allowed)
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: remoteip 172.16.0.52
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: 10 times from 172.16.0.52
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: running command 'add 172.16.0.52'
May 14 12:52:44 VB-k64-1504 shield-trigger[2981]: blocking 172.16.0.52

Connecting from a host that has a name seems to work, like connecting
from localhost or if I add the 172.16.0.52 machine to /etc/hosts and use
the name instead of IP in the config file.

According to the documentation in the default config file you should be
able to use both IP-numbers and network addresses in "allow" statements.

** Affects: pam-shield (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1455061

Title:
  White-listing IP-numbers or networks doesn't work
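
Added example (not part of the original report and not pam-shield code): a triage check that reads PAM-shield debug lines like the ones quoted above and lists every blocked address that a logged "allowing from addr/netmask" entry covers. The sample log is constructed from lines in the report; the function names and the regular expressions are assumptions based only on the log format shown there.

```python
import ipaddress
import re

# Constructed sample: a subset of the debug lines quoted in the report.
SAMPLE_LOG = """\
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: allowing from localhost
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: allowing from 127.0.0.1/255.0.0.0
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: allowing from 172.16.0.0/255.255.255.0
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: allowing from 172.16.0.52/255.255.255.255
May 14 12:52:44 VB-k64-1504 PAM-shield[2978]: remoteip 172.16.0.52
May 14 12:52:44 VB-k64-1504 shield-trigger[2981]: blocking 172.16.0.52
"""

# Patterns assumed from the log format shown in the report.
ALLOW_RE = re.compile(r"PAM-shield\[\d+\]: allowing from (\S+)$")
BLOCK_RE = re.compile(r"shield-trigger\[\d+\]: blocking (\S+)$")


def parse_allow(entry):
    """Return an ip_network for 'addr/netmask' entries, None for hostnames."""
    try:
        # strict=False masks host bits: 127.0.0.1/255.0.0.0 -> 127.0.0.0/8
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None  # e.g. 'localhost'; name-based entries are not checked here


def whitelisted_but_blocked(log_text):
    """List (ip, matching_networks) for blocked IPs that an allow entry covers."""
    allows, findings = [], []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = ALLOW_RE.search(line)
        if m:
            net = parse_allow(m.group(1))
            if net is not None:
                allows.append(net)
            continue
        m = BLOCK_RE.search(line)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            hits = [str(n) for n in allows if ip.version == n.version and ip in n]
            if hits:
                findings.append((str(ip), hits))
    return findings


if __name__ == "__main__":
    for ip, nets in whitelisted_but_blocked(SAMPLE_LOG):
        print(f"{ip} was blocked although allowed by: {', '.join(nets)}")
```

Each finding is a case where the logged allow list and the block decision disagree, which is the symptom this report describes for 172.16.0.52.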
