On Fri Sep 11 1998, Lei Miao wrote:
> I am using tcpd on the telnet service. I have the following line in the
> hosts.deny file.
>
> in.telnetd: ALL: (echo "%d - %h" | mail -s "Telnet Trap" [EMAIL PROTECTED])
>
> I had some problems with it and then I ran "tcpd" and got the following
>
> error: /etc/hosts.deny, line 10: bad option name: "(echo"
No no... you need to use "spawn". See below.
> This is what I don't understand. According "man 5 hosts_access", it is
> said that the third field can be written as a shell command to be
> executed if the previous two fields are matched on an access. (in this
> case, telnet).
>
> Could someone shed some light on this issue? Is there a version issue
> here?
This is what I'm using, and you are quite welcome to borrow this... it is
very informative, and such mail will include a useful "Subject: " line.
In /etc/hosts.allow I'm specifying exactly what I want to allow.
In /etc/hosts.deny I'm denying everything else.
Very secure.
I'm then sending mail to root when such a connection is attempted:
# /etc/hosts.deny
# deny all that is not mentioned in /etc/hosts.allow
# email to root to notify all denied connections
#
ALL : ALL : spawn ( \
/bin/echo -e "\n\
TCP Wrappers\: Connection Refused\n\
By\: $(uname -n)\n\
Process\: %d (pid %p)\n\
User\: %u\n\
Host\: %c\n\
Date\: $(date)\n\
" | /bin/mail -s \
"$(uname -n) wrappers\: %d refused for %c" root ) &
This works just great (on my RedHat 5.1 box). (I actually have multiple
recipients mentioned, not just root).
Beware that there are some daemons that aren't run via inetd but are still
linked against the tcp_wrappers library and you have to specifically allow
them in /etc/hosts.allow:
- portmap: if you want portmap connections (e.g., for YP or NFS).
- sshd is often linked against it too (and you will also need an sshX11-fwd
entry that references the full name of the local host).
Cheers
Tony
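To see why tcpd rejected the original "(echo" line while the spawn rule above parses cleanly, here is a small checker that mimics the hosts_access(5) lexer (comments, backslash-newline continuation, ':' field separators with '\:' as a literal colon) and the hosts_options(5) rule that the third field must begin with an option keyword. This is an added example, not tcpd's code; the sample rules are constructed and the keyword set is taken from hosts_options(5).

```python
r"""Hypothetical pre-flight checker for hosts.allow / hosts.deny (added
example, not tcpd's own parser). Reports the same "bad option name" class
of error tcpd raises when the third field does not start with a keyword."""
import re

# Option keywords hosts_options(5) accepts at the start of the third field.
KNOWN_OPTIONS = {"allow", "deny", "spawn", "twist", "severity", "keepalive",
                 "linger", "rfc931", "banners", "nice", "setenv", "umask", "user"}

def logical_lines(text):
    """Yield (first_line_no, text) with backslash-newline continuations joined."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        if raw.endswith("\\"):          # continuation: drop '\' and the newline
            buf.append(raw[:-1])
            continue
        buf.append(raw)
        yield start, "".join(buf)
        buf, start = [], None
    if buf:                             # file ended right after a continuation
        yield start, "".join(buf)

def split_fields(line):
    r"""Split on unescaped ':' only, then turn '\:' back into a literal colon."""
    return [f.replace("\\:", ":").strip() for f in re.split(r"(?<!\\):", line)]

def check_hosts_access(text):
    """Return [(line_no, message), ...]; an empty list means the file is clean."""
    problems = []
    for no, line in logical_lines(text):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = split_fields(line)
        if len(fields) < 2:
            problems.append((no, "need at least daemon_list : client_list"))
            continue
        for option in fields[2:]:       # every field after client_list is an option
            keyword = option.split(None, 1)[0] if option else ""
            if keyword.lower() not in KNOWN_OPTIONS:
                problems.append((no, f'bad option name: "{keyword}"'))
    return problems

# Constructed samples: the poster's parenthesised command and a spawn rule.
OP_RULE = 'in.telnetd: ALL: (echo "%d - %h" | mail -s "Telnet Trap" root)\n'
SPAWN_RULE = ('# deny everything not in hosts.allow and notify root\n'
              'ALL : ALL : spawn ( \\\n'
              '/bin/echo -e "Refused\\: %d from %c" | /bin/mail -s \\\n'
              '"%d refused for %c" root ) &\n')
```

Running check_hosts_access(OP_RULE) reproduces the 'bad option name: "(echo"' diagnostic, while SPAWN_RULE yields no problems.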