
Re: [Sheflug] TCP wrappers




> Ah, I thought it looked a little bit strange. Not sure I like the idea of
> firing up finger every time I get port scanned.
> 
> I'd rather have it silently logged. Time to read hosts_access(5) I
> suppose.

That's what I do - just change the script that spawn executes...the 
deny_log script I have does this:

	#!/bin/sh
	#
	# $1 = address, $2 = host name/address, $3 = user, $4 = daemon
	#
	/usr/bin/Mail -s "DENY: $3@$2 -> $4" root <<!

	WARNING!
	--------

	Hosts.allow detected host that has been denied access:
		Remote address:   $1
		Remote hostname:  $2
		Remote user:      $3
		Attempted daemon: $4

	!

Alternatively, firewall port 79 ... with ipchains, so it logs to 
syslog...you'd need a rule like:

	ipchains -A input -p tcp -d 0/0 79 -j REJECT -l

I think that should do it (from top of head), then the connection won't even 
make it to TCP wrappers...remember: the firewall is processed first 
before a packet makes it as far as a user-land program like TCP wrappers 
:)


> 
> > Put any entries you want in hosts.allow /before/ the ALL: ALL: DENY rule
> > else your rule will never be reached.
> 
> I figured that out. After about an hour of head scratching why exim gave
> me 554 service unavailable.
> 

:-) 

> > If you want an example of a working hosts.allow (ie, the one sitting on
> > my box) let me know. It's got a few nice things: use of PARANOID, setting
> > environment variables, rfc in every rule etc...
> 
> Go on then, let's have a peek. :)

"It's in the post" :)

Chris...


-- 
Chris Johnson            \  "If not for me then, do it for yourself. If not
sixie@nccnet.co.uk        \  for then do it for the world." -- Stevie Nicks
www.nccnet.co.uk/~sixie/   ~---------------------------------------+
Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000   \______


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
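
Added example, not part of the original post: a variant of the deny_log approach above that writes one line to syslog instead of mailing root, for the "silently logged" case. The hosts.allow rule in the comment, the script path and the logger tag are assumptions; the field cleaning is extra hardening so a remote name cannot break the log line.

```shell
#!/bin/sh
# Added example: syslog variant of the deny_log idea (not the poster's script).
# Assumed hosts.allow rule calling it (path is hypothetical), placed last:
#   ALL: ALL: spawn (/usr/local/sbin/deny_log %a %h %u %d) &: DENY
# $1 = address, $2 = host name/address, $3 = user, $4 = daemon

# Reduce one field to a safe character set and a bounded length so a remote
# peer cannot inject spaces, newlines or extra key=value pairs into the log.
clean() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._:@-' '_' | cut -c1-64
}

# Build a single greppable line from the four fields.
deny_line() {
    printf 'DENY addr=%s host=%s user=%s daemon=%s' \
        "$(clean "$1")" "$(clean "$2")" "$(clean "${3:-unknown}")" "$(clean "$4")"
}

# When invoked by tcpd with all four arguments, log silently to syslog.
if [ "$#" -eq 4 ]; then
    logger -p auth.warning -t deny_log "$(deny_line "$1" "$2" "$3" "$4")"
fi
```
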