Re: [Sheflug] TCP wrappers

[Will Newton <nospam [at] misconception.org.uk>]

On Fri, 30 Mar 2001, Chris J/#6 wrote:

> It's saying connections to ALL services from ALL hosts are DENY'd. But
> when a connection comes in, it runs a trap-door program, safe_finger,
> that attempts to get a user-list from the remote host and mail it to
> root. These days, it's not an effective method as most sites block
> finger, but in ye olde days you could get the user list and email it to
> the admin of the server saying "one of these users is trying to get into
> my box".

Ah, I thought it looked a little bit strange. Not sure I like the idea of
firing up finger every time I get port scanned.

I'd rather have it silently logged. Time to read hosts_access(5) I
suppose.

> Put any entries you want in hosts.allow /before/ the ALL: ALL: DENY rule
> else your rule will never be reached.

I figured that out. After about an hour of head scratching why exim gave
me 554 service unavailable.

> If you want an example of a working hosts.allow (ie, the one sitting on
> my box) let me know. It's got a few nice things: use of PARANOID, setting
> environement variables, rfc in every rule etc...

Go on then, let's have a peek. :)

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.