Archive for the tag 'tcp'

Examples that show some features of TCP wrapper

If you just want to restrict ssh connections without configuring or using /etc/hosts.deny, you can add the following entries to /etc/hosts.allow. Order matters: hosts.allow is consulted first and the first matching line wins, so the line naming the permitted hosts must come before the catch-all DENY:

sshd: station1 station2 station3
sshd: ALL: DENY

The version of TCP wrapper that comes with Red Hat also supports the extended options documented in the hosts_options(5) man page. Here is an example of how an additional program can be spawned from, e.g., the /etc/hosts.allow file (the command is handed to /bin/sh, so pipes work):

sshd: ALL : spawn echo "Login from %c to %s" | mail -s "Login Info for %s" log@loghost

For information on the % expansions, see "man 5 hosts_access".

The TCP wrapper is quite flexible.

And xinetd provides its own set of host-based and time-based access control functions. You can even tell xinetd to limit the rate of incoming connections.

SBDavid

TCP Wrappers and Enhanced Logging

If certain types of connections are of more concern than others, the log level can be elevated for that service via the severity option.

For this example, assume that anyone attempting to connect to port 23 (the Telnet port) on an FTP server is a cracker. To denote this, place an emerg flag in the log files instead of the default flag, info, and deny the connection.

To do this, place the following line in /etc/hosts.deny:

in.telnetd : ALL : severity emerg

This uses the default authpriv logging facility, but elevates the priority from the default value of info to emerg, which posts log messages directly to the console. Because the line lives in /etc/hosts.deny, the connection is still refused; the severity option only changes how the refusal is logged.
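The two rule sets above (the sshd entries in /etc/hosts.allow from the first post and the in.telnetd line in /etc/hosts.deny here) can be checked without touching the real files. The script below is an added example, not code from the original posts or from the tcp_wrappers package: it reimplements libwrap's decision order (hosts.allow first, then hosts.deny, allow when nothing matches) for a small subset of the hosts_access(5) syntax, writes constructed copies of the rules to a temporary directory, and shows what happens when the two sshd lines are swapped. The host names, the .example.com rule and the hosts.allow.wrong file are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original posts or the tcp_wrappers sources):
# a minimal first-match evaluator with the same decision order as libwrap's
# hosts_access(): /etc/hosts.allow is searched first, then /etc/hosts.deny,
# and a connection that matches nothing is allowed. It understands ALL,
# exact names, ".domain" suffix and "10.0." prefix patterns and the ALLOW/DENY
# option keywords; EXCEPT, KNOWN/UNKNOWN, PARANOID, netmasks and user@host
# forms from hosts_access(5) are deliberately left out.

# Does one daemon/client pattern match one name?
hosts_pattern_matches() {
  pat=$1; name=$2
  case $pat in
    ALL) return 0 ;;
    .*)  case $name in *"$pat") return 0 ;; esac; return 1 ;;   # ".example.com"
    *.)  case $name in "$pat"*) return 0 ;; esac; return 1 ;;   # "10.0."
    *)   [ "$pat" = "$name" ] ;;
  esac
}

# Does any token of a space- or comma-separated list match the name?
hosts_list_matches() {
  for tok in $(printf '%s' "$1" | tr ',' ' '); do
    hosts_pattern_matches "$tok" "$2" && return 0
  done
  return 1
}

# Scan one file for the first "daemons : clients [: options]" line that
# matches; print ALLOW or DENY and return 0, or return 1 if nothing matched.
# $1=file $2=daemon $3=client $4=verdict implied by the file itself
hosts_file_match() {
  [ -f "$1" ] || return 1
  while IFS=: read -r daemons clients options; do
    case $daemons in ''|\#*) continue ;; esac          # blank lines and comments
    hosts_list_matches "$daemons" "$2" || continue
    hosts_list_matches "$clients" "$3" || continue
    case $options in                                   # an explicit keyword overrides the file
      *DENY*)  echo DENY ;;
      *ALLOW*) echo ALLOW ;;
      *)       echo "$4" ;;
    esac
    return 0
  done < "$1"
  return 1
}

# Final decision for one daemon/client pair: $1=daemon $2=client $3=allow file $4=deny file
hosts_access() {
  v=$(hosts_file_match "$3" "$1" "$2" ALLOW) && { echo "$v"; return 0; }
  v=$(hosts_file_match "$4" "$1" "$2" DENY)  && { echo "$v"; return 0; }
  echo ALLOW                                   # no rule anywhere: access is granted
}

# Constructed rule files mirroring the two posts (hypothetical hosts, not real system files)
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/hosts.allow" <<'EOF'
sshd: station1 station2 station3
sshd: ALL: DENY
vsftpd: .example.com
EOF
cat > "$demo_dir/hosts.deny" <<'EOF'
in.telnetd : ALL : severity emerg
EOF
# The same ssh rules in the wrong order: the catch-all DENY is hit first
cat > "$demo_dir/hosts.allow.wrong" <<'EOF'
sshd: ALL: DENY
sshd: station1 station2 station3
EOF

demo_decision()             { hosts_access "$1" "$2" "$demo_dir/hosts.allow"       "$demo_dir/hosts.deny"; }
demo_decision_wrong_order() { hosts_access "$1" "$2" "$demo_dir/hosts.allow.wrong" "$demo_dir/hosts.deny"; }

# Usage: one line per lookup
for pair in "sshd station1" "sshd station9" "vsftpd ftp.example.com" \
            "vsftpd ftp.evil.net" "in.telnetd 10.0.0.9" "in.ftpd 10.0.0.9"; do
  set -- $pair
  printf '%-10s from %-16s -> %s\n' "$1" "$2" "$(demo_decision "$1" "$2")"
done
printf 'sshd from station1 with DENY listed first -> %s\n' "$(demo_decision_wrong_order sshd station1)"
```

Note the two results that surprise people: vsftpd from ftp.evil.net is allowed, because nothing in either file mentions it and the default is to allow, and station1 is locked out of ssh as soon as the DENY line is moved above the host list. On a real system, tcpdmatch from the tcp_wrappers package gives the authoritative answer against the installed files.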

Securing Services With TCP Wrappers and xinetd

TCP wrappers provide access control to a variety of services. Many network services, such as SSH, Telnet, and FTP daemons, make use of TCP wrappers, which stand guard between an incoming request and the requested service. A service only honors /etc/hosts.allow and /etc/hosts.deny if it is linked against libwrap or is started through tcpd or xinetd; check with ldd (look for libwrap) before relying on these rules, since for example OpenSSH dropped libwrap support in release 6.7.

The benefits offered by TCP wrappers are enhanced when used in conjunction with xinetd, a super service that provides additional access, logging, binding, redirection, and resource utilization control.

For a thorough list of TCP wrapper functionality and control language, refer to the hosts_options man page.

To implement a TCP wrappers banner for a service, use the banner option.

This example implements a banner for vsftpd. To begin, create a banner file. It can be anywhere on the system, but it must bear the same name as the daemon. For this example, the file is called /etc/banners/vsftpd.

The contents of the file look like this:

Hello, %c All activity on ftp.serverbuddies.com is logged.

The %c token supplies a variety of client information, such as the username and hostname, or the username and IP address, to make the connection even more intimidating.

For this banner to be presented to incoming connections, add the following line to the /etc/hosts.allow file:

vsftpd : ALL : banners /etc/banners/

SBDavid

see all tcp sockets currently open

In order to see all TCP sockets currently open, run (as root):

# lsof -i TCP

If all of the sockets in question are on your web server port (port 80), you can list only those with

# lsof -i TCP:80

lsof is another tool for locating open files. lsof (no options) will list all files opened by any process currently running. To restrict this to processes owned by username, use

# lsof -u username
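As an added example (not from the original post), the script below turns lsof -nP -i TCP output into a list of the TCP listeners exposed on all interfaces, which is usually the question behind running lsof in the first place. The lsof output it parses is constructed for the demonstration; the assumed column layout is lsof's default (COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME, with the TCP state in parentheses at the end of NAME), and -n/-P are used so hosts and ports stay numeric.

```shell
#!/bin/sh
# Added example (not from the original post): report which TCP listeners are
# reachable from the network, from `lsof -nP -i TCP` output (-n and -P keep
# hosts and ports numeric so the NAME column is stable to parse). A socket is
# reported when it is in LISTEN state and bound to every interface
# ("*", "0.0.0.0" or "[::]"); loopback-only listeners are skipped.
# Optional first argument restricts the report to one port (cf. lsof -i TCP:80).

exposed_listeners() {   # stdin: lsof output; stdout: "port command", one line per unique pair
  awk -v want="${1:-}" '
    NR == 1 { next }                          # COMMAND PID USER ... NAME header
    $NF == "(LISTEN)" {
      n = split($(NF-1), a, ":")              # NAME is host:port; IPv6 hosts contain more colons
      host = a[1]; port = a[n]
      if (host != "*" && host != "0.0.0.0" && host != "[::]") next
      if (want != "" && port != want) next
      key = port " " $1
      if (!seen[key]++) print key             # worker processes share a port: print it once
    }' | sort -n
}

# Constructed sample in the shape of `lsof -nP -i TCP` output; not captured from a real host
SAMPLE_LSOF=$(cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      842   root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
sshd      842   root    4u  IPv6  12346      0t0  TCP *:22 (LISTEN)
mysqld   1203  mysql   21u  IPv4  15670      0t0  TCP 127.0.0.1:3306 (LISTEN)
httpd    1337   root    4u  IPv4  17001      0t0  TCP 0.0.0.0:80 (LISTEN)
httpd    1340 apache    4u  IPv4  17001      0t0  TCP 0.0.0.0:80 (LISTEN)
redis    2001  redis    6u  IPv4  18888      0t0  TCP 0.0.0.0:6379 (LISTEN)
sshd     2210   root    3u  IPv4  20101      0t0  TCP 10.0.0.5:22->10.0.0.77:51234 (ESTABLISHED)
EOF
)

# Run the check against the sample; pass a port number to narrow it
demo_exposed() { printf '%s\n' "$SAMPLE_LSOF" | exposed_listeners "$@"; }

# Usage: on a live host, as root: lsof -nP -i TCP | exposed_listeners
echo "exposed listeners:";          demo_exposed
echo "exposed listeners on port 80:"; demo_exposed 80
```

The established sshd session and the loopback-only mysqld are filtered out, while the redis instance bound to 0.0.0.0:6379 shows up alongside sshd and httpd, which is exactly the kind of line worth a second look.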
