[768] in linux-net channel archive
Re: tcpd hosts.deny format
daemon@ATHENA.MIT.EDU (alex@cconcepts.co.uk)
Mon Jul 24 21:14:03 1995
From: alex@cconcepts.co.uk
To: alex@cconcepts.co.uk
Date: Mon, 24 Jul 1995 12:04:48 +0100 (BST)
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <199507211601.RAA21936@slave.cconcepts.co.uk> from "alex@cconcepts.co.uk" at Jul 21, 95 05:01:13 pm
>
>
> Does anyone actually have the 'booby trap' in tcpd hosts.deny working?
>
> The man page for hosts_access has a long description of something to
> finger the offending host and mail it to the user. This gives me
> a bad option or format.
>
> The man page says the format is
>
> Daemon_list: client_list [ : shell_command ]
>
> however though
>
> ALL: ALL
>
> works,
>
> ALL: ALL: /bin/true
>
> fails (as does, as far as I can see, any command) with 'bad option' or
> equivalent. tcpwrapper 6.3, Slackware (latest), Kernel 1.2.8 bog standard
> system.
>
> Any pointers gratefully appreciated.

Thanks to everyone who replied. For reference, the answer is:

An extension was made to libwrap.a to allow more flexible commands to
be executed. Though the Slackware binary I'm using was compiled to use
this option, the man page doesn't mention it, which is unfortunate. There
is also little reason why the extension could not be back compatible.

However, the solution is to add spawn =, i.e.

    ALL:ALL:spawn = (/usr/sbin/safe_finger -l @%h | /bin/mail -s %d-%h root) &

Similarly, there is the option twist, which sends its output to the
remote client:

    ALL:ALL:twist = echo '%h may not connect to this server'

It would be nice if the Slackware manpage described this...

Alex
----------------------------+-------------+-----------------------------
Alex Bligh : ,-----. :
Computer Concepts Ltd. : : : alex@cconcepts.co.uk
Gaddesden Place : : ,-----. :
Hemel Hempstead : `-+---` ` : Tel. +44 1442-351000
Herts. UK HP2 6EX : | , : Fax. +44 1442-351010
: `-----` :
----------------------------+-------------+-----------------------------
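
Added example, not part of the original message and not tcp_wrappers code: a small Python linter that reads hosts.deny-style rules as extended-syntax options, so a bare shell command in the third field (the 'bad option' case above) is flagged before the file is deployed. The function names and the constructed sample are assumptions; the keyword set is the one listed in hosts_options(5).

```python
import re

# Option keywords listed in hosts_options(5) for the extended syntax.
KNOWN_OPTIONS = {"allow", "deny", "spawn", "twist", "keepalive", "linger",
                 "rfc931", "banners", "nice", "setenv", "umask", "user",
                 "severity"}
NEEDS_COMMAND = {"spawn", "twist"}  # the only arguments this linter checks

def rules(text):
    """Yield rules: join backslash-newline continuations, skip blanks/comments."""
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def split_fields(rule):
    """Split on ':' separators, leaving the escaped form '\\:' inside a field."""
    return [f.strip() for f in re.split(r"(?<!\\):", rule)]

def check_rule(rule):
    """Return problems found in one rule, read as extended-syntax options."""
    fields = split_fields(rule)
    if len(fields) < 2 or not fields[0] or not fields[1]:
        return ["expected 'daemon_list : client_list'"]
    problems = []
    for option in fields[2:]:
        parts = re.split(r"[\s=]+", option, maxsplit=1)
        name = parts[0]
        arg = parts[1] if len(parts) > 1 else ""
        if name not in KNOWN_OPTIONS:
            problems.append(f"bad option {name!r}: bare shell command? "
                            "prefix it with 'spawn =' or 'twist ='")
        elif name in NEEDS_COMMAND and not arg.strip():
            problems.append(f"option {name!r} has no command")
    return problems

def lint(text):
    """Map each rule that has problems to its list of problems."""
    return {r: p for r in rules(text) if (p := check_rule(r))}

# Constructed sample: the four rules quoted in the message above.
SAMPLE = """\
ALL: ALL
ALL: ALL: /bin/true
ALL:ALL:spawn = (/usr/sbin/safe_finger -l @%h | /bin/mail -s %d-%h root) &
ALL:ALL:twist = echo '%h may not connect to this server'
"""

if __name__ == "__main__":
    for rule, problems in lint(SAMPLE).items():
        print(rule, "->", "; ".join(problems))
```

This only applies to a libwrap built with the option extension described in the message; a build using the older syntax reads the third field as a plain shell command.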