Shell Commands - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

By allowing access control on a per-rule basis, the option field allows administrators to consolidate all
access rules into a single file: either hosts.allow or hosts.deny. Some administrators consider
this an easier way of organizing access rules.

43.5.2.2.3. Shell Commands

Option fields allow access rules to launch shell commands through the following two directives:

• spawn — Launches a shell command as a child process. This directive can perform tasks like using
/usr/sbin/safe_finger to get more information about the requesting client or create special
log files using the echo command.
In the following example, clients attempting to access Telnet services from the example.com
domain are quietly logged to a special file:

    in.telnetd : .example.com \
        : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
        : allow

• twist — Replaces the requested service with the specified command. This directive is often used
to set up traps for intruders (also called "honey pots"). It can also be used to send messages to
connecting clients. The twist directive must occur at the end of the rule line.
In the following example, clients attempting to access FTP services from the example.com domain
are sent a message using the echo command:

    vsftpd : .example.com \
        : twist /bin/echo "421 This domain has been black-listed. Access denied!"

For more information about shell command options, refer to the hosts_options man page.

43.5.2.2.4. Expansions

Expansions, when used in conjunction with the spawn and twist directives, provide information
about the client, server, and processes involved.
The following is a list of supported expansions:
• %a — Returns the client's IP address.
• %A — Returns the server's IP address.
• %c — Returns a variety of client information, such as the username and hostname, or the username
and IP address.
• %d — Returns the daemon process name.
• %h — Returns the client's hostname (or IP address, if the hostname is unavailable).
• %H — Returns the server's hostname (or IP address, if the hostname is unavailable).
• %n — Returns the client's hostname. If unavailable, unknown is printed. If the client's hostname and
host address do not match, paranoid is printed.
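
The following audit script is an added example, not part of the Red Hat manual or of TCP Wrappers itself. It joins backslash-continued rule lines, splits them on unescaped colons, and reports every spawn or twist directive, which of the expansions listed above it uses, and whether a twist is followed by another option. The sample rules are constructed from the two examples in the text plus one deliberately misordered rule, and the function names are hypothetical.

```python
import re

# Constructed sample in hosts.allow syntax: the two rules from the text plus
# one deliberately misordered rule (twist followed by another option).
SAMPLE = r"""
# constructed sample
in.telnetd : .example.com \
  : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
  : allow
vsftpd : .example.com \
  : twist /bin/echo "421 This domain has been black-listed. Access denied!"
sshd : ALL : twist /bin/echo refused %a : deny
"""


def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and # comments."""
    buf = ""
    for raw in text.splitlines():
        if not buf and (not raw.strip() or raw.lstrip().startswith("#")):
            continue
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield (buf + raw).strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def audit(text):
    """Return one finding per spawn or twist directive in the rules."""
    findings = []
    for rule in logical_lines(text):
        # Fields are separated by ':'; a backslash-escaped '\:' stays literal.
        fields = [f.strip() for f in re.split(r"(?<!\\):", rule)]
        daemon, options = fields[0], fields[2:]
        for pos, opt in enumerate(options):
            keyword, _, command = opt.partition(" ")
            if keyword not in ("spawn", "twist"):
                continue
            findings.append({
                "daemon": daemon,
                "directive": keyword,
                "command": command.strip(),
                # Only the expansions listed in this section are matched.
                "expansions": sorted(set(re.findall(r"%([aAcdhHn])", command))),
                # twist must occur at the end of the rule line.
                "misplaced": keyword == "twist" and pos != len(options) - 1,
            })
    return findings
```

Run `audit()` over the contents of hosts.allow and hosts.deny to get an inventory of every command the wrappers can launch and the client-supplied values each one receives.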