From: Reindl Harald
Date: September 10 2011 5:30pm
Subject: Re: MySQL daemons restarting every 7 minutes
List-Archive: http://lists.mysql.com/mysql/225718
Message-Id: <4E6B9EAA.5030901@thelounge.net>

On 10.09.2011 19:21, a.smith@stripped wrote:
> Hi Walter/all,
>
> ok nailed it, the issue is the default hosts.allow installed on FreeBSD, and specifically the last section that
> denies everything. By default it looks like this:
>
> # The rest of the daemons are protected.
> ALL : ALL \
> : severity auth.info \
> : twist /bin/echo "You are not welcome to use %d from %h."
>
> The twist command breaks it. In theory this is just meant to send a custom message back to the application calling
> the tcp wrapper library. I'm not sure if this should work in theory or not, but the twist command is also meant to
> close the connection so possibly the behaviour I see is normal and just not compatible with MySQL.
>
> Anyway, it's not a great default for FreeBSD given that MySQL also installs by default with support for tcp
> wrappers. The two together result in a broken configuration.

well, and that is why i said nobody is using hosts.allow in real life
if you want to protect anything use packet-filters

i have seen so many people typing something in hosts.allow and not
realizing that the service is not using tcp-wrappers, which means there
is no protection - additionally most people do not test their
configurations really well

the point of "not testing configurations" affects you too, because if you
had tested this, the issue would have happened after the first
connection, long before going into production
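
As an added example (not part of the original messages, nor FreeBSD or MySQL tooling): a small Python audit that finds catch-all `ALL : ALL` rules carrying a `twist` option, the combination the quoted message identifies as breaking MySQL. The sample input is constructed from the rule quoted above plus one made-up allow rule; the function names are hypothetical, and bracketed IPv6 client patterns are assumed absent.

```python
import re

# Constructed sample: the catch-all rule quoted in the thread, preceded by
# one made-up allow rule for contrast.
SAMPLE = r'''
# constructed allow rule
sshd : 192.0.2.0/24 : allow
# The rest of the daemons are protected.
ALL : ALL \
    : severity auth.info \
    : twist /bin/echo "You are not welcome to use %d from %h."
'''


def parse_rules(text):
    """Yield (daemons, clients, options) for each logical rule."""
    # Join backslash-newline continuations into one logical line first.
    joined = re.sub(r'\\\n', ' ', text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        # Fields are separated by ':'; a literal colon is written '\:'.
        # Assumption: no bracketed IPv6 patterns such as [::1].
        fields = [f.replace('\\:', ':').strip()
                  for f in re.split(r'(?<!\\):', line)]
        if len(fields) < 2:
            continue
        # Daemon and client lists are separated by blanks and/or commas.
        daemons = re.split(r'[\s,]+', fields[0])
        clients = re.split(r'[\s,]+', fields[1])
        yield daemons, clients, fields[2:]


def twist_catch_alls(text):
    """Return twist options on rules that match every daemon and client."""
    hits = []
    for daemons, clients, options in parse_rules(text):
        if 'ALL' in daemons and 'ALL' in clients:
            hits += [o for o in options if o.split()[:1] == ['twist']]
    return hits


if __name__ == '__main__':
    for option in twist_catch_alls(SAMPLE):
        print('catch-all twist rule:', option)
```

A hit only matters for daemons that are actually built with tcp-wrappers support, so pair the audit with a connection test against each service before production.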