[777] in linux-net channel archive
Re tcpd hosts.deny format
daemon@ATHENA.MIT.EDU (Brian Haney)
Wed Jul 26 08:42:21 1995
From: brian@cybernaut.com (Brian Haney)
To: linux-net@vger.rutgers.edu (Linux linux-net list)
Date: Tue, 25 Jul 1995 17:58:49 -0700 (PDT)
alex@cconcepts.co.uk said:
> > Does anyone actually have the 'booby trap' in tcpd hosts.deny working?
> >
> > The man page for hosts_access has a long description of something to
> > finger the offending host and mail it to the user. This gives me
> > a bad option or format.
> >
> > The man page says the format is
> >
> > Daemon_list: client_list [ : shell_command ]
> >
> > however though
> >
> > ALL: ALL
> >
> > works,
> >
> > ALL: ALL: /bin/true
> >
> > fails (as does, as far as I can see, any command) with 'bad option' or
> > equivalent. tcpwrapper 6.3, Slackware (latest), Kernel 1.2.8 bog standard
> > system.
> >
> > Any pointers gratefully appreciated.
>
> Thanks to everyone who replied. For reference, the answer is:
>
> An extension was made to libwrap.a to allow more flexible commands to
> be executed. Though the slackware binary I'm using was compiled to use
> this option, the man page doesn't mention it, which is unfortunate. There
> is also little reason why the extension could not be back compatible.
>
> However, the solution is to add spawn = i.e.
>
> ALL:ALL:spawn = (/usr/sbin/safe_finger -l @%h | /bin/mail -s %d-%h root) &
>
> similarly there is the option twist which sends its output to the
> remote client:
>
> ALL:ALL:twist = echo '%h may not connect to this server'
>
> It would be nice if the slackware manpage described this...
>
It is not a Slackware issue: the authors of tcpd wrote the
man page to document their product.
Yes, they should have mentioned ``advanced options, see
hosts_options(4)''.
--
Brian Haney brian@cybernaut.com
------------------------------------------------------------------------
CyberNautix, Inc. info@cybernaut.com
Open Systems Services Int'l: 707.427.2633
UNIX, C, and Internet Training U.S.: 800.7.NAUTIX
Consulting http://www.community.net/~nautix
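
Added example, not part of the original message or of tcp_wrappers: a small linter that flags hosts.allow/hosts.deny rules which a libwrap built with the options extension would reject, such as the bare `ALL: ALL: /bin/true` from the thread. The keyword set is assumed from hosts_options(5), the function names are hypothetical, and the sample rules are constructed from the ones quoted above.

```python
import re

# Option keywords as listed in hosts_options(5) (assumed set for this example).
OPTION_KEYWORDS = {
    "allow", "deny", "spawn", "twist", "keepalive", "linger", "rfc931",
    "banners", "nice", "setenv", "umask", "user", "severity",
}

# Constructed sample, modelled on the rules quoted in the thread.
SAMPLE = """\
# constructed hosts.deny sample
ALL: ALL
ALL: ALL: /bin/true
ALL:ALL:spawn = (/usr/sbin/safe_finger -l @%h | /bin/mail -s %d-%h root) &
ALL:ALL:twist = echo '%h may not connect to this server'
in.telnetd: ALL: spawn = (/bin/true) & : severity auth.info : twist = echo no
"""

def split_fields(rule):
    """Split a rule on ':' but not on an escaped '\\:', trimming each field."""
    return [f.strip().replace("\\:", ":") for f in re.split(r"(?<!\\):", rule)]

def check_rule(rule):
    """Return a list of problems for one daemon_list:client_list[:option...] rule."""
    fields = split_fields(rule)
    if len(fields) < 2 or not fields[0] or not fields[1]:
        return ["missing daemon_list or client_list"]
    problems = []
    options = fields[2:]
    for i, opt in enumerate(options):
        # The keyword ends at the first '=' or whitespace: "spawn = cmd".
        keyword = re.split(r"[=\s]", opt, maxsplit=1)[0]
        if keyword not in OPTION_KEYWORDS:
            problems.append(f"unknown option keyword {keyword!r}")
        elif keyword == "twist" and i != len(options) - 1:
            problems.append("twist must be the last option in a rule")
    return problems

def lint(text):
    """Return (rule, problems) for every rule in text that has problems."""
    text = text.replace("\\\n", "")  # join backslash-continued lines
    findings = []
    for line in text.splitlines():
        rule = line.strip()
        if rule and not rule.startswith("#"):
            problems = check_rule(rule)
            if problems:
                findings.append((rule, problems))
    return findings

if __name__ == "__main__":
    for rule, problems in lint(SAMPLE):
        print(f"{rule}\n    -> {'; '.join(problems)}")
```

On a system whose libwrap was built without the options extension the classic `shell_command` form is the valid one, so run this only against hosts that use the hosts_options syntax.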