Re: [Sheflug] TCP wrappers
> Ah, I thought it looked a little bit strange. Not sure I like the idea of
> firing up finger every time I get port scanned.
>
> I'd rather have it silently logged. Time to read hosts_access(5) I
> suppose.
That's what I do - just change the script that spawn executes...the
deny_log script I have does this:
#!/bin/sh
#
# $1 = address, $2 = host name/address, $3 = user, $4 = daemon
#
/usr/bin/Mail -s "DENY: $3@$2 -> $4" root <<!
WARNING!
--------
Hosts.allow detected host that has been denied access:
Remote address: $1
Remote hostname: $2
Remote user: $3
Attempted daemon: $4
!
Alternatively, firewall port 79 ... with ipchains, so it logs to
syslog...you'd need a rule like:
ipchains -A input -p tcp -d 0/0 79 -j REJECT -l
I think should do it (from top of head), then the connection won't even
make it to TCP wrappers...remember: the firewall is processed first
before a packet makes it as far as a user-land program like TCP wrappers
:)
>
> > Put any entries you want in hosts.allow /before/ the ALL: ALL: DENY rule
> > else your rule will never be reached.
>
> I figured that out. After about an hour of head scratching why exim gave
> me 554 service unavailable.
>
:-)
> > If you want an example of a working hosts.allow (ie, the one sitting on
> > my box) let me know. It's got a few nice things: use of PARANOID, setting
> > environment variables, rfc in every rule etc...
>
> Go on then, let's have a peek. :)
"It's in the post" :)
Chris...
--
Chris Johnson \ "If not for me then, do it for yourself. If not
sixie@nccnet.co.uk \ for then do it for the world." -- Stevie Nicks
www.nccnet.co.uk/~sixie/ ~---------------------------------------+
Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \______
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.
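
Added example, not part of the original message and not the poster's script: a log-only variant of the deny_log idea above, for the "silently logged" case raised in the quoted text. It takes the same four arguments; the install path, the syslog tag and priority, and the hosts.allow line shown in the comment are assumptions.

```sh
#!/bin/sh
# Added example (not the poster's script): log-only variant of deny_log.
# Assumed hosts.allow wiring, placed last so earlier allow rules are reached:
#   ALL: ALL: spawn (/usr/local/sbin/deny_log %a %h %u %d) & : DENY
# The install path, syslog tag and priority are assumptions.

# Reduce a client-influenced value (reverse DNS name, ident user) to one
# short token so it cannot inject newlines or fake fields into the log.
clean() {
    v=$(printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._:@-' '_' | cut -c1-64)
    printf '%s' "${v:-unknown}"
}

# $1 = address, $2 = host name/address, $3 = user, $4 = daemon
format_deny_line() {
    printf 'DENY daemon=%s addr=%s host=%s user=%s' \
        "$(clean "$4")" "$(clean "$1")" "$(clean "$2")" "$(clean "$3")"
}

if [ "$#" -eq 4 ]; then
    # Called from spawn: one line to syslog, no mail, no finger.
    logger -p auth.warning -t deny_log "$(format_deny_line "$@")"
else
    # No arguments: show the format using constructed sample values.
    format_deny_line 192.0.2.10 scanner.example.net unknown in.fingerd
    echo
fi
```

Keeping each denial to a single key=value line makes the entries easy to grep or count per address in the syslog file.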