For more information, see: http://www.ibm.com/developerworks/cn/aix/library/au-tcpwrapper/
I. Usefulness and usage
When a host that is not configured in hosts.allow or hosts.deny connects to my system over SSH, I want to record its actions so they can be looked up and verified later. The special features of TCP Wrappers can be used for this. The tcp_wrappers package must be installed first: "yum install tcp_wrappers". Two more detailed operations then become available:
spawn: performs additional work by running a follow-up shell command, in which these variables can be used:
%h:hostname
%a:address
%d:daemon
twist: runs the follow-up command immediately and terminates the connection after it has executed
II. Simple example
1. Use of spawn:
1.1 Set up hosts.allow and hosts.deny, adding the appropriate spawn configuration.
Goal: if a host from a network segment that is not permitted tries to log in to my machine, a mail is sent to the root account with content of the form:
Security notice from host ****
The host **** which is not permitted tried to SSH to you computer
hosts.allow
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.1.2,192.168.1.1:allow
hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:all:spawn (echo "Security notice from host $(/bin/hostname)"; \
echo "The host %h which is not a permitted tried to SSH to you computer"; echo;) | /bin/mail -s "%d-%h Security" root
1.2 Try to SSH into this host (192.168.1.11) from host 192.168.1.12, which is not allowed
The host is denied login
1.3 On the host (192.168.1.11), view the newly received mail; the contents are as follows:
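A variation on the spawn rule from step 1.1, as an added example that is not part of the original post: instead of mailing on every connection, the rule calls a helper script that logs each denied attempt and mails root at most once per client address per time window. The script path, state directory, window length and function names are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Assumed rule in /etc/hosts.deny:
#   sshd: ALL : spawn /usr/local/sbin/tcpw-denied.sh %d %a %h &

STATE_DIR="${STATE_DIR:-/var/lib/tcpw-denied}"  # assumed state directory
WINDOW="${WINDOW:-600}"                         # min. seconds between mails per address

# Keep only characters that occur in daemon names, host names and IP addresses.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:-'
}

# Send the notice (body on stdin, subject in $1); kept separate so it can be replaced.
notify() {
    /bin/mail -s "$1" root
}

# record_denied DAEMON ADDRESS HOSTNAME
# Logs every attempt; mails at most once per WINDOW seconds per client address.
# Returns 0 if a mail was sent, 1 if it was suppressed, 2 on setup failure.
record_denied() {
    daemon=$(sanitize "$1"); addr=$(sanitize "$2"); host=$(sanitize "$3")
    now=$(date +%s)
    mkdir -p "$STATE_DIR/last" || return 2
    printf '%s daemon=%s addr=%s host=%s\n' "$now" "$daemon" "$addr" "$host" \
        >> "$STATE_DIR/denied.log"
    # The "addr_" prefix keeps values such as ".." from naming a directory.
    stamp="$STATE_DIR/last/addr_$addr"
    last=0
    if [ -f "$stamp" ]; then last=$(cat "$stamp"); fi
    if [ $((now - last)) -lt "$WINDOW" ]; then
        return 1
    fi
    printf '%s\n' "$now" > "$stamp"
    {
        echo "Security notice from host $(uname -n)"
        echo "The host $host ($addr) which is not permitted tried to connect to $daemon"
    } | notify "$daemon-$host Security"
    return 0
}

# When invoked by the spawn rule, the three % expansions arrive as arguments.
if [ "$#" -eq 3 ]; then
    record_denied "$@"
fi
```

The log file keeps one line per attempt for later lookup, while the per-address timestamp keeps a scan from flooding root's mailbox.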
2. Use of twist:
Append the twist setting to the end of the hosts.deny file:
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:all:spawn (echo "Security notice from host $(/bin/hostname)"; \
echo "The host %h which is not a permitted tried to SSH to you computer"; echo;) | /bin/mail -s "%d-%h Security" root &: twist (/bin/echo "allowed to ENTER the computer")
When logging in over SSH from 192.168.1.12 to 192.168.1.11, the message "allowed to ENTER the computer" did not appear. I looked into the problem for a long time but still have no solution.
This sshd:all echo "you is not allowed to ENTER the Computer").
I am asking the experts for an answer.
TCP Wrapper Special Use