Date:      Thu, 06 Feb 1997 00:59:29 -0500
From:      Chris Shenton <chris@absinthe.i3inc.com>
To:        freebsd@trogon.kiwi.net
Cc:        freebsd@nwpros.com, ricardo@americasnet.com, freebsd-isp@freebsd.org
Subject:   Re: hacking - help
Message-ID:  <199702060559.AAA14627@absinthe.i3inc.com>
In-Reply-To: Your message of "Wed, 5 Feb 1997 21:19:30 -0800 (PST)"
References:  <Pine.NEB.3.95.970205211820.13315B-100000@trogon.kiwi.net>


On Wed, 5 Feb 1997 21:19:30 -0800 (PST)
"Christopher H. Taylor" <freebsd@trogon.kiwi.net> wrote:

freebsd> How would I echo a message to the screen when someone who is
freebsd> in host.deny, tries to telnet into my box. 

I use tcp wrappers, and have failures send email to the alias
"security", which goes to our sysadms. Here's my
/usr/local/etc/hosts.deny; it captures all the variables tcpd knows --
probably overkill, but helps when the user and host name cannot be
determined:



# Deny everyone, unless they're explicitly allowed.

# Don't reverse finger on an incoming finger: avoid finger-wars.

fingerd: ALL

# Let the security geeks know about all other probes!

ALL: ALL: /usr/local/etc/safe_finger -l @%h | /usr/sbin/Mail -s "TCP_Wrapper Alert: `/usr/bsd/hostname` %s attacked by %u@%n [%a] (a=%a, A=%A, c=%c, d=%d, h=%h, H=%H, n=%n, N=%N, p=%p, s=%s, u=%u)"  security@it



This one runs on an SGI, so the paths will be different than
FreeBSD. But all you should have to do is change them to where the
binaries run on your system...

Oh, here's one I do have running on a FreeBSD system. It must have
been pre-installed when I built the tcpd port -- which builds it
slightly differently than I do on other operating systems I use:

ftpd:   ALL
ALL:    ALL:    spawn (/usr/local/bin/safe_finger -l @%h | /usr/bin/Mail root) &

It's doing essentially the same thing.
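
An added example, not part of the original message: a small helper that a hosts.deny `spawn` rule could call instead of building the mail command inline, so the remote-supplied fields (%u from ident, %h from reverse DNS) are normalised before they reach the subject line. The script name, its install path and the four-argument order are assumptions; "security" is the alias used in the message above.

```shell
#!/bin/sh
# Hypothetical alert helper for tcpd (added example, not the author's code).
# Assumed hosts.deny entry that would call it:
#   ALL: ALL: spawn (/usr/local/sbin/deny_alert %d %a %u %h) &
# tcpd already replaces shell-confusing characters in % expansions with
# underscores; this is a second layer that also bounds field length.

# Reduce one field to a conservative character set, at most 64 characters.
clean_field() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._:@-' '_' | cut -c1-64
}

# Build the one-line mail subject from daemon, address, user and host.
alert_subject() {
    daemon=$(clean_field "$1"); addr=$(clean_field "$2")
    user=$(clean_field "$3");   host=$(clean_field "$4")
    printf 'TCP_Wrapper Alert: %s refused %s@%s [%s]\n' \
        "${daemon:-unknown}" "${user:-unknown}" \
        "${host:-unknown}" "${addr:-unknown}"
}

# Mail the alert; the location of mail(1) differs between systems.
send_alert() {
    printf 'Connection refused at %s\n' "$(date)" |
        mail -s "$(alert_subject "$@")" security
}

# Only send when invoked with the four fields, as tcpd would.
if [ "$#" -ge 4 ]; then
    send_alert "$@"
fi
```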


