Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual page 52

Chapter 5. Server Security
The contents of the file look like this:
220-Hello, %c
220-All activity on ftp.example.com is logged.
220-Act up and you will be banned.
The %c token supplies a variety of client information, such as the username and hostname, or the
username and IP address to make the connection even more intimidating. The Reference Guide has a
list of other tokens available for TCP wrappers.
For this banner to be presented to incoming connections, add the following line to the /etc/hosts.allow file:
vsftpd : ALL : banners /etc/banners/
5.1.1.2. TCP Wrappers and Attack Warnings
If a particular host or network has been caught attacking the server, TCP wrappers can be used to
warn the administrator of subsequent attacks from that host or network via the spawn directive.
In this example, assume that a cracker from the 206.182.68.0/24 network has been caught attempting
to attack the server. By placing the following line in the /etc/hosts.deny file, the connection
attempt is denied and logged into a special file:
ALL : 206.182.68.0 : spawn /bin/echo `date` %c %d >> /var/log/intruder_alert
The %d token supplies the name of the service that the attacker was trying to access.
To allow the connection and log it, place the spawn directive in the /etc/hosts.allow file.
Note
Since the spawn directive executes any shell command, create a special script to notify
the administrator or execute a chain of commands in the event that a particular client
attempts to connect to the server.
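As an added example (not from the guide), a hypothetical notification script of the kind the Note recommends, invoked from the spawn directive with %c and %d passed as arguments; the path /usr/local/sbin/intruder_alert.sh, the record format, the repeat-offender threshold and the syslog escalation are assumptions.

```shell
#!/bin/sh
# Hypothetical /usr/local/sbin/intruder_alert.sh, called from /etc/hosts.deny as
#   ALL : 206.182.68.0 : spawn /usr/local/sbin/intruder_alert.sh %c %d
# tcp_wrappers expands %c (client info) and %d (daemon name) before the shell
# runs, replacing characters that could confuse the shell with underscores,
# so the two arguments can be quoted and logged as-is.

# Append one timestamped record for a denied connection.
# $1 = client (%c), $2 = daemon (%d), $3 = log file (default: the guide's path).
intruder_alert() {
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    printf '%s denied client=%s daemon=%s\n' "$stamp" "$1" "$2" \
        >> "${3:-/var/log/intruder_alert}"
}

# Print how many records the log already holds for one client.
# $1 = client, $2 = log file.
alert_count() {
    logfile=${2:-/var/log/intruder_alert}
    if [ -f "$logfile" ]; then
        # grep -c exits 1 when the count is 0; the count is still printed.
        grep -c -F "client=$1 " "$logfile" || true
    else
        echo 0
    fi
}

# Succeed (exit 0) once a client has produced at least $2 records, so the
# administrator is paged for repeat offenders rather than for every probe.
# $1 = client, $2 = threshold (default 3), $3 = log file.
threshold_reached() {
    count=$(alert_count "$1" "$3")
    [ "$count" -ge "${2:-3}" ]
}

# When spawned by tcp_wrappers the client and daemon arrive as $1 and $2.
if [ $# -ge 2 ]; then
    intruder_alert "$1" "$2"
    if threshold_reached "$1" 3; then
        logger -p authpriv.warning -t intruder_alert \
            "repeated denied connections from $1 (latest daemon: $2)"
    fi
fi
```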
5.1.1.3. TCP Wrappers and Enhanced Logging
If certain types of connections are of more concern than others, the log level can be elevated for that
service via the severity option.
For this example, assume anyone attempting to connect to port 23 (the Telnet port) on an FTP server
is a cracker. To denote this, place an emerg flag in the log files instead of the default flag, info, and
deny the connection.
To do this, place the following line in /etc/hosts.deny:
in.telnetd : ALL : severity emerg
This uses the default authpriv logging facility, but elevates the priority from the default value of
info to emerg, which posts log messages directly to the console.
40