When is the hosts.deny and superhosts.deny file regenerated ?

[ZerooCool]

When is the hosts.deny and superhosts.deny file regenerated ?

Every day ? Every week ? Each month ?
I would like to know, to be able to optimize my tutorial and the periods on the cron tasks allowing the update.

[funilrys]

Hi @ZerooCool,

Thanks for asking. It's something we did not document yet!

Here they are (May be changed in the future!):

Times are in UTC (Every day)	Start	End
Central Repository (GitHub)	≈ 19:05	≈ 19:15
API / Search engine	19:05	≈ 19:20
Central Mirror (hosts.ubuntu101.co.za)	19:20	≈ 19:25
DNS Server (#293)	19:20	≈ 19:30

Sometimes because of network or other issues, it may take much more time. So, If you want to be on the safe side, always fetch from 20:15 (UTC) !

Hey @dnmTX @smed79, how could we document this correctly?

Stay safe and healthy.

Nissar

[ZerooCool]

Ok ! I add this to my notes ! Thank you !
https://wiki.visionduweb.fr/index.php?title=Sommaire_S%C3%A9curit%C3%A9#T.C3.A9l.C3.A9charger_une_version_.C3.A0_jour_du_fichier_hosts.deny

Mentioned on debian user french, it was a question of the confidence granted as for the origin of the data.

Here I have to trust the downloaded content.

This could be fine-tuned, I suppose, with certificate checks, or, a check policy based on md5sum, or both, and, maybe even other methods that I'm gradually discovering.

Is something already there, to allow me to trust the download site?

Sommaire Sécurité — Analyse Développement Hacking

[spirillen]

Hey @ZerooCool I scouted the link you posted... as I don't speak french I was looking at the code.

What I stumbled on, is it seems you are missing a whitelist you run before imported external data (deny.host) which could lead to users gotten locked out from them self 🤳

For a easy step to fill into you code lines you can use something like grep -v file1 file2 or the bit more complicated both yet easier at the end result

for w in whitelist
do
  sed -i '/$w/d' path to host.deny
done

However this could maybe be enhanced by building an array first.

[ZerooCool]

Normally, I do not block anything, because, only one user in my case is whitelisted.

The black list covers everything else.

I understand the idea despite everything, it would be to purge from the black list, all existing matches in the white list.

for w in /etc/hosts.allow
do
  sed -i '/$w/d' /tmp/hosts.deny
done

After that, i cp /tmp/hosts.deny to /etc/hosts.deny

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[funilrys]

.

[spirillen]

Hi @ZerooCool,

Thanks for asking. It's something we did not document yet!

Here they are (May be changed in the future!):
Times are in UTC (Every day) Start End
Central Repository (GitHub) ≈ 19:05 ≈ 19:15
API / Search engine 19:05 ≈ 19:20
Central Mirror (hosts.ubuntu101.co.za) 19:20 ≈ 19:25
DNS Server (#293) 19:20 ≈ 19:30

Sometimes because of network or other issues, it may take much more time. So, If you want to be on the safe side, always fetch from 20:15 (UTC) !

Hey @dnmTX @smed79, how could we document this correctly?

Stay safe and healthy.

Nissar

Put it before ADDITIONS / REMOVALS / CORRECTIONS in the README as Sources get updated by... or When is the list updated