Manualshelf

User guide

ManualsBrandsRed Hat ManualsOtherENTERPRISE LINUX 4 - SELINUX GUIDE
61626364656667686970
TCP Wrappers Configuration Files
59
in.telnetd : .example.com \
: spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
: allow
twist — Replaces the requested service with the specified command. This directive is often used
to set up traps for intruders (also called "honey pots"). It can also be used to send messages to
connecting clients. The twist directive must occur at the end of the rule line.
In the following example, clients attempting to access FTP services from the example.com domain
are sent a message using the echo command:
vsftpd : .example.com \
: twist /bin/echo "421 This domain has been black-listed. Access denied!"
For more information about shell command options, refer to the hosts_options man page.
2.3.2.2.4. Expansions
Expansions, when used in conjunction with the spawn and twist directives, provide information
about the client, server, and processes involved.
The following is a list of supported expansions:
%a — Returns the client's IP address.
%A — Returns the server's IP address.
%c — Returns a variety of client information, such as the username and hostname, or the username
and IP address.
%d — Returns the daemon process name.
%h — Returns the client's hostname (or IP address, if the hostname is unavailable).
%H — Returns the server's hostname (or IP address, if the hostname is unavailable).
%n — Returns the client's hostname. If unavailable, unknown is printed. If the client's hostname and
host address do not match, paranoid is printed.
%N — Returns the server's hostname. If unavailable, unknown is printed. If the server's hostname
and host address do not match, paranoid is printed.
%p — Returns the daemon's process ID.
%s —Returns various types of server information, such as the daemon process and the host or IP
address of the server.
%u — Returns the client's username. If unavailable, unknown is printed.
The following sample rule uses an expansion in conjunction with the spawn command to identify the
client host in a customized log file.
When connections to the SSH daemon (sshd) are attempted from a host in the example.com
domain, execute the echo command to log the attempt, including the client hostname (by using the %h
expansion), to a special file:
sshd : .example.com \