When localhost is not
/etc/hosts is a file where these entries should never be touched:
    127.0.0.1 localhost
    ::1 ip6-localhost ip6-loopback
However, during my last trip to my VPS to fix my mail system after an opendkim update in Ubuntu 10.04, I found something interesting in netstat:
    $ sudo netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address        ... PID/Program name
    ...
    tcp        0      0 184.108.40.206:8891  ... 15410/opendkim
Basically, when I specified localhost in the opendkim configuration, it was listening on a public interface instead. Pinging localhost revealed that it actually resolved to a non-loopback address:
    $ ping localhost
    PING yankee.lappyfamily.net (220.127.116.11) 56(84) bytes of data.
    ...
It looks like it’s been this way since the very beginning, as my /etc/hosts had the following:
    # Auto-generated hostname. Please do not remove this comment.
    18.104.22.168 yankee.lappyfamily.net yankee localhost 204538 localhost.localdomain
And this was clearly a misconfiguration (I am sure 204538 is a good hostname).
I looked at my local Ubuntu installation and updated the VPS so that the hosts file became:
    127.0.0.1 localhost
    ::1 ip6-localhost ip6-loopback
    # Auto-generated hostname. Please do not remove this comment.
    22.214.171.124 yankee.lappyfamily.net yankee
After this I restarted all the applications that were supposed to listen on the loopback interface and verified the fix with netstat again.
First of all, you need to have a firewall configured on your servers and allow only trusted incoming connections to trusted applications. This is what prevented my opendkim installation from accepting the incoming requests from the internet.
Second, you need to verify that localhost actually refers to the loopback interface and does not resolve to your public one, as you have a fully qualified name for that purpose.
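One way to automate that second check, as an added example that is not part of the original post: the Python below flags any hosts entry that binds a loopback name to a non-loopback address and, when run directly, also asks the system resolver the way ping did. The list of loopback names and the function names are assumptions of this example; the two sample files are the ones shown above.

```python
import ipaddress
import socket

# Names that must only ever map to a loopback address (assumed list for this example).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text):
    """Return (line_no, address, name) for each loopback name bound to a non-loopback address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        if addr.is_loopback:
            continue                            # 127.0.0.0/8 and ::1 are fine
        for name in fields[1:]:
            if name.lower() in LOOPBACK_NAMES:
                findings.append((line_no, str(addr), name))
    return findings

def resolves_to_loopback(name="localhost"):
    """Ask the system resolver and require every returned address to be loopback."""
    infos = socket.getaddrinfo(name, None)
    # Strip any IPv6 scope id ("%eth0") before parsing the address.
    return all(ipaddress.ip_address(i[4][0].split("%")[0]).is_loopback for i in infos)

# The two hosts files shown in the post: before and after the fix.
BROKEN = """\
# Auto-generated hostname. Please do not remove this comment.
18.104.22.168 yankee.lappyfamily.net yankee localhost 204538 localhost.localdomain
"""
FIXED = """\
127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
# Auto-generated hostname. Please do not remove this comment.
22.214.171.124 yankee.lappyfamily.net yankee
"""

if __name__ == "__main__":
    with open("/etc/hosts") as fh:
        for line_no, addr, name in audit_hosts(fh.read()):
            print(f"/etc/hosts:{line_no}: {name} -> {addr} (not loopback)")
    print("resolver says localhost is loopback:", resolves_to_loopback())
```

Run from cron or a provisioning check, this catches a control panel rewriting the hostname line before a daemon configured for localhost binds to the public interface.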
I found that now the control panel for the VPS I am using correctly generates the hostname line, but it may not have been the case a year ago when I got the VPS first configured.