0 valutazioniIl 0% ha trovato utile questo documento (0 voti)
10 visualizzazioni1 pagina
The document summarizes a line from a hosts.deny file that denies all systems access to rshd. After blocking access, it runs the safe_finger command to log details of the remote host's logged-in users and emails the results to root. The ampersand runs safe_finger in the background so tcpd can continue working without waiting for it to complete. Safe_finger is a modified, less vulnerable version of finger provided with tcpd wrapper software. The shell command uses tcpd wrapper variables like %h and %d to access details of the incoming connection.
The document summarizes a line from a hosts.deny file that denies all systems access to rshd. After blocking access, it runs the safe_finger command to log details of the remote host's logged-in users and emails the results to root. The ampersand runs safe_finger in the background so tcpd can continue working without waiting for it to complete. Safe_finger is a modified, less vulnerable version of finger provided with tcpd wrapper software. The shell command uses tcpd wrapper variables like %h and %d to access details of the incoming connection.
The document summarizes a line from a hosts.deny file that denies all systems access to rshd. After blocking access, it runs the safe_finger command to log details of the remote host's logged-in users and emails the results to root. The ampersand runs safe_finger in the background so tcpd can continue working without waiting for it to complete. Safe_finger is a modified, less vulnerable version of finger provided with tcpd wrapper software. The shell command uses tcpd wrapper variables like %h and %d to access details of the incoming connection.
rshd : ALL : (safe_finger l @%h | /usr/sbin/mail s %d %h root) &
In this example from a hosts.deny file, all systems are denied access to rshd. After logging the attempted access and blocking it, tcpd sends the safe_finger command to the shell for execution. All versions of finger, including safe_finger, query the remote host to find out who is loggedin to that host. This information can be useful when tracking down an attacker. The result of the safe_finger command is mailed to the root account. The ampersand (&) at the end of the line causes the shell commands to run in the background. This is important; without it, tcpd would sit and wait for these programs to complete before returning to its own work. Note The safe_finger program is provided with the tcpd wrapper software. It is specially modified to be less vulnerable to attack than the standard finger program. There are some variables, such as %h and %d, used in the shell command example. These tcpd wrapper variables, listed in Table 12.1, allow you to take values for the incoming connection anduse them in the shell process.