From owner-freebsd-isp Wed Feb 5 22:02:04 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA14402 for isp-outgoing; Wed, 5 Feb 1997 22:02:04 -0800 (PST)
Received: from absinthe.i3inc.com (Absinthe.stonos.washington.dc.us [206.27.237.33]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA14288 for ; Wed, 5 Feb 1997 22:01:44 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by absinthe.i3inc.com (8.7.2/8.7.2) with SMTP id AAA14627; Thu, 6 Feb 1997 00:59:30 -0500 (EST)
Message-Id: <199702060559.AAA14627@absinthe.i3inc.com>
X-Authentication-Warning: absinthe.i3inc.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: freebsd@trogon.kiwi.net
Cc: freebsd@nwpros.com, ricardo@americasnet.com, freebsd-isp@freebsd.org
Subject: Re: hacking - help
In-Reply-To: Your message of "Wed, 5 Feb 1997 21:19:30 -0800 (PST)"
References:
X-Mailer: Mew version 1.03 on Emacs 19.34.1
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Thu, 06 Feb 1997 00:59:29 -0500
From: Chris Shenton
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 5 Feb 1997 21:19:30 -0800 (PST) "Christopher H. Taylor" wrote:

freebsd> How would I echo a message to the screen when someone who is
freebsd> in host.deny, tries to telnet into my box.

I use tcp wrappers, and have failures send email to the alias
"security", which goes to our sysadms. Here's my
/usr/local/etc/hosts.deny; it captures all the variables tcpd knows --
probably overkill, but helps when the user and host name cannot be
determined:

    # Deny everyone, unless they're explicitly allowed.

    # Don't reverse finger on an incoming finger: avoid finger-wars.
    fingerd: ALL

    # Let the security geeks know about all other probes!
    ALL: ALL: /usr/local/etc/safe_finger -l @%h | /usr/sbin/Mail -s "TCP_Wrapper Alert: `/usr/bsd/hostname` %s attacked by %u@%n [%a] (a=%a, A=%A, c=%c, d=%d, h=%h, H=%H, n=%n, N=%N, p=%p, s=%s, u=%u)" security@it

This one runs on an SGI, so the paths will be different than FreeBSD.
But all you should have to do is change them to where the binaries run
on your system...

Oh, here's one I do have running on a FreeBSD system. It must have
been pre-installed when I built the tcpd port -- which builds it
slightly differently than I do on other operating systems I use:

    ftpd: ALL
    ALL: ALL: spawn (/usr/local/bin/safe_finger -l @%h | /usr/bin/Mail root) &

It's doing essentially the same thing.
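
Added example (not part of the message above and not tcp_wrappers code): a simplified Python model of the %-expansion described in hosts_access(5), run on a constructed connection. It shows what part of the alert subject looks like when the client host name cannot be determined, and that client-supplied values are rewritten before they reach the shell command. The connection record, its field names and the exact safe-character set are assumptions.

```python
import string

# Characters left unchanged inside an expansion; anything else becomes "_".
# Assumption: this set approximates the one tcpd uses.
SAFE = set(string.ascii_letters + string.digits + "!@%-_=+:,./")

def sanitize(value):
    """Replace characters that could confuse the shell with underscores."""
    return "".join(ch if ch in SAFE else "_" for ch in value)

def expand(template, conn):
    """Expand hosts_access(5) %<letter> sequences for one connection."""
    user, daemon = conn.get("user"), conn["daemon"]
    c_name, s_name = conn.get("client_name"), conn.get("server_name")
    c_host = c_name or conn["client_addr"]   # %h falls back to the address
    s_host = s_name or conn["server_addr"]   # %H falls back to the address
    values = {
        "a": conn["client_addr"], "A": conn["server_addr"],
        "h": c_host, "H": s_host,
        "n": c_name or "unknown", "N": s_name or "unknown",
        "c": f"{user}@{c_host}" if user else c_host,
        "s": f"{daemon}@{s_host}" if s_host else daemon,
        "d": daemon, "p": str(conn["pid"]), "u": user or "unknown",
    }
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            key = template[i + 1]
            # "%%" is a literal percent; unknown letters expand to nothing here.
            out.append("%" if key == "%" else sanitize(values.get(key, "")))
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

# Constructed sample: reverse lookup failed, ident returned an odd user name.
CONN = {"client_addr": "192.0.2.10", "client_name": None,
        "server_addr": "198.51.100.5", "server_name": "gw.example.org",
        "daemon": "telnetd", "pid": 4321, "user": "odd user;x"}

# Shortened form of the subject line used in the hosts.deny rule above.
SUBJECT = "%s attacked by %u@%n [%a] (c=%c, d=%d, h=%h, p=%p)"

if __name__ == "__main__":
    print(expand(SUBJECT, CONN))
```
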