I have about 50k IP addresses denied in the hosts.deny file, generated by a script with at most 7 addresses per line, and get this error:

warning: /etc/hosts.deny, line 4429: missing newline or line too long

Line 4429 is the one in the middle here:

ALL: 96.47.225.95, 96.47.225.96, 96.47.225.97, 96.47.225.98, 96.47.225.99, 96.56.113.123, 96.8.112.149
ALL: 98.126.161.178, 98.15.206.118, 98.159.4.16, 98.197.212.67, 98.83.135.94, 98.94.6.213, 98.94.6.78
ALL: 99.167.89.146, 99.177.96.73, 99.235.84.25, 99.244.9.103, 99.49.94.70

What's wrong?

Update:

The warning only appears when a connection is made at the same moment the hosts.deny file is being written (I/O, lock, fopen for write vs. fopen for read problem).

Daniel W.
  • 1,929

1 Answer

In my opinion, it doesn't make sense to have such a large /etc/hosts.deny file for several reasons:

  1. botnet activity can come from possibly legitimate source IP addresses, and it is usually useless to forever block an IP that can just be the temporary public IP of a compromised home computer with a dynamic address.
  2. there are better tools for this job, like denyhosts, fail2ban, psad, etc., that will provide some protection from the evildoers without falling into the trap mentioned in the previous paragraph.

Now, if you really need to maintain such a file, you could try to use a file, as explained in the hosts_access(5) manpage, under the PATTERNS section:

PATTERNS

  The access control language implements the following patterns:

  ·  A string that begins with a `/` character is treated as a file name. A host name or address is matched if it matches any host name or address pattern listed in the named file. The file format is zero or more lines with zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere a host name or address pattern can be used.

I gave it a try, and generated a list:

# echo 123.{1..255}.{1..255}.{1..254} > /etc/list

Added it to the /etc/hosts.deny file:

# echo 'ALL: /etc/list' >> /etc/hosts.deny

Tried some connections and inspected my logs. I haven't been able to reproduce the warning you mentioned.

dawud
  • 15,504