TCP Wrapper Special Use

Source: Internet
Author: User

For more information, see: http://www.ibm.com/developerworks/cn/aix/library/au-tcpwrapper/

I. Usefulness and usage

Suppose a host that is not configured in hosts.allow or hosts.deny connects to my system over SSH, and I want to record its actions so they can be looked up and verified later. The special features of TCP Wrappers can be used for this. The tcp_wrappers package must be installed first: "yum install tcp_wrappers". Two more detailed operations are then available:

spawn: runs a follow-up shell command to do additional work. The following variables can be used:

%h: hostname

%a: address

%d: daemon

twist: runs the follow-up command immediately and terminates the connection once it has executed.

II. Simple example

1. Use of spawn:

1.1 Set up hosts.allow and hosts.deny, adding the appropriate spawn configuration.

Goal: if a host from a network segment that is not permitted tries to log on to my machine, a mail is sent to the root account, with content of the form:

      Security notice from host ****

      The host **** which is not permitted tried to SSH to your computer

hosts.allow

    #
    # hosts.allow   This file contains access rules which are used to
    #               allow or deny connections to network services that
    #               either use the tcp_wrappers library or that have been
    #               started through a tcp_wrappers-enabled xinetd.
    #
    #               See 'man 5 hosts_options' and 'man 5 hosts_access'
    #               for information on rule syntax.
    #               See 'man tcpd' for information on tcp_wrappers
    #
    sshd: 192.168.1.2, 192.168.1.1 : allow

hosts.deny

    #
    # hosts.deny    This file contains access rules which are used to
    #               deny connections to network services that either use
    #               the tcp_wrappers library or that have been
    #               started through a tcp_wrappers-enabled xinetd.
    #
    #               The rules in this file can also be set up in
    #               /etc/hosts.allow with a 'deny' option instead.
    #
    #               See 'man 5 hosts_options' and 'man 5 hosts_access'
    #               for information on rule syntax.
    #               See 'man tcpd' for information on tcp_wrappers
    #
    sshd: ALL : spawn (echo "Security notice from host $(/bin/hostname)"; \
    echo "The host %h which is not permitted tried to SSH to your computer"; echo;) | /bin/mail -s "%d-%h Security" root

1.2 Try to SSH into this host (192.168.1.11) from host 192.168.1.12, which is not allowed.

The host is denied login.

    

1.3 On the host (192.168.1.11), view the newly received mail.
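The rule order and the %a, %d, %h expansion used in step 1 can be checked offline with a small model. This is an added example, not code from the original post or from tcp_wrappers itself: the function names are hypothetical, the rules are constructed to mirror the sshd entries above with a shortened mail body, only ALL, exact and trailing-dot prefix patterns are handled, and the character filter approximates the hosts_access(5) behaviour of replacing shell-confusing characters in % expansions with underscores.

```python
import re

# Constructed rules mirroring the page's hosts.allow and hosts.deny entries.
HOSTS_ALLOW = "sshd: 192.168.1.2, 192.168.1.1 : allow\n"
HOSTS_DENY = ('sshd: ALL : spawn (echo "The host %h tried to SSH in") '
              '| /bin/mail -s "%d-%h Security" root\n')

def parse_rules(text):
    """Return [(daemons, clients, options)] for every non-comment rule."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are split on ':' unless escaped as '\:' (no IPv6 support here).
        fields = [f.strip() for f in re.split(r"(?<!\\):", line)]
        if len(fields) >= 2:
            rules.append((re.split(r"[,\s]+", fields[0]),
                          re.split(r"[,\s]+", fields[1]), fields[2:]))
    return rules

def matches(patterns, value):
    """ALL, an exact string, or a prefix ending in '.' such as 192.168.1."""
    return any(p == "ALL" or p == value or (p.endswith(".") and value.startswith(p))
               for p in patterns)

def expand(command, daemon, addr, host):
    """Expand %a, %d, %h; shell-unsafe characters become '_' (approximation)."""
    safe = lambda s: re.sub(r"[^A-Za-z0-9@%_=+:,./-]", "_", s)
    values = {"a": safe(addr), "d": safe(daemon), "h": safe(host or addr), "%": "%"}
    return re.sub(r"%([adh%])", lambda m: values[m.group(1)], command)

def decide(daemon, addr, host=None):
    """Apply hosts.allow, then hosts.deny; no match in either means allow."""
    for text, default in ((HOSTS_ALLOW, "allow"), (HOSTS_DENY, "deny")):
        for daemons, clients, options in parse_rules(text):
            if matches(daemons, daemon) and matches(clients, addr):
                # An explicit allow/deny option overrides the file's default.
                verdict = next((o for o in options if o in ("allow", "deny")), default)
                commands = [expand(o.split(None, 1)[1], daemon, addr, host)
                            for o in options if o.startswith(("spawn ", "twist "))]
                return verdict, commands
    return "allow", []
```

Calling decide("sshd", "192.168.1.12") returns the deny verdict together with the expanded mail command, which makes it easy to review what a spawn rule would hand to the shell before deploying it.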

2. Use of twist:

Append the twist setting to the rule in the hosts.deny file:

    #
    # hosts.deny    This file contains access rules which are used to
    #               deny connections to network services that either use
    #               the tcp_wrappers library or that have been
    #               started through a tcp_wrappers-enabled xinetd.
    #
    #               The rules in this file can also be set up in
    #               /etc/hosts.allow with a 'deny' option instead.
    #
    #               See 'man 5 hosts_options' and 'man 5 hosts_access'
    #               for information on rule syntax.
    #               See 'man tcpd' for information on tcp_wrappers
    #
    sshd: ALL : spawn (echo "Security notice from host $(/bin/hostname)"; \
    echo "The host %h which is not permitted tried to SSH to your computer"; echo;) | /bin/mail -s "%d-%h Security" root & : twist (/bin/echo "allowed to ENTER the computer")

When I logged in over SSH from 192.168.1.12 to 192.168.1.11, the message "allowed to ENTER the computer" did not appear. I looked into the problem for a long time, but still have no solution.

This sshd:all echo "you is not allowed to ENTER the Computer").

Asking the experts for an answer.

    
