Mailinglist Archive: opensuse-security (232 mails)

Re: Re: portmap only for local interfaces
  • From: Henning Hucke <h_hucke@xxxxxxxxxxxxxxxx>
  • Date: Tue, 4 Oct 2005 11:46:11 +0200 (CEST)
  • Message-id: <Pine.LNX.4.58.0510041142310.17582@xxxxxxxxxxxxxxxx>
On Tue, 4 Oct 2005, Polarizer wrote:

> /etc/hosts.deny
> # deny all
> ALL : ALL

And if one wants to receive notification on misuse, try

ALL: ALL: spawn ( /usr/local/lib/tcpwrapper/counterintelligence/finger_and_trace route -a %a -i %c -s %d -n %h | mail -s "%d-%h offence" security@localhost) &

(Script attached).

Best regards
Henning Hucke
--
What fools these morals be!

#!/bin/bash
##
## This script runs some counterintelligence on connections denied by the
## tcpwrapper mechanism. This instance tries a finger and a traceroute to
## the access source.
##
##--- Set some variables
## What is the name of this script?
SCNAME="${0##*/}"
## Current date
DATETIME="`date`"
## Use which syslog facility
SYSLOG_FACILITY='daemon'
## Which syslog priority to use for normal output?
SYSLOG_INFO_PRIORITY='info'
## Which syslog priority to use for error output?
SYSLOG_WARN_PRIORITY='warn'
## Information about the hostile system
hostile_addr='0.0.0.0'
hostile_clientinfo='unknown@localhost'
hostile_localservice='unknown'
hostile_hostname='localhost'
##---
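## Keep the original stdout (the pipe to mail in hosts.deny) open on fd 3
exec 3>&1
## If logger is available, send this script's own stdout/stderr to syslog
if LOGGER="$(command -v logger 2>/dev/null) -t $SCNAME"; then
    exec > >( $LOGGER -p "${SYSLOG_FACILITY}.${SYSLOG_INFO_PRIORITY}" )
    exec 2> >( $LOGGER -p "${SYSLOG_FACILITY}.${SYSLOG_WARN_PRIORITY}" )
else
    LOGGER=''
fi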

while [ $# -gt 0 ]; do
    case "$1" in
        --client-addr|-a)
            hostile_addr="$2"
            shift;;
        --client-info|-i)
            hostile_clientinfo="$2"
            shift;;
        --service|-s)
            hostile_localservice="$2"
            shift;;
        --client-hostname|-n)
            hostile_hostname="$2"
            shift;;
        -*)
            echo "${LOGGER:+$SCNAME: }Unknown option '$1'" >&2
            exit 10;;
        *)
            echo "${LOGGER:+$SCNAME: }Unknown argument '$1'" >&2
            exit 10;;
    esac
    shift
done

## The report itself goes to fd 3, i.e. into the mail body
cat <<-EOI >&3
User ${hostile_clientinfo} is trying to use ${hostile_localservice}.
Current date is '${DATETIME}'
Traceroute-output follows
---------------------------------
EOI
## Strip the IPv4-mapped prefix; quote so the value stays a single argument
/usr/sbin/traceroute -n "${hostile_addr##::ffff:}" >&3
cat <<-EOI >&3
Finger information follows
---------------------------------
EOI
/usr/sbin/safe_finger "@${hostile_hostname}" >&3
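
Added example, not part of Henning Hucke's post or the attached script: the spawn rule runs once per denied connection and hands the tcpd-supplied address to traceroute, so a defender may want to validate the address and throttle reports per source first. The function names, STATE_DIR and THROTTLE_SECS are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the attached script. STATE_DIR and THROTTLE_SECS
# are assumed names; the default path is a placeholder for a root-owned directory.
STATE_DIR="${STATE_DIR:-/var/lib/tcpwrapper-throttle}"
THROTTLE_SECS="${THROTTLE_SECS:-600}"

# normalize_addr ADDR
# Strip the IPv4-mapped prefix (as the script does) and print the result only
# if it is made of address characters and cannot be read as an option.
normalize_addr() {
    addr="${1#::ffff:}"
    case "$addr" in
        ''|-*|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    printf '%s\n' "$addr"
}

# should_report ADDR [NOW]
# Return 0 and record NOW if ADDR was not reported within THROTTLE_SECS,
# return 1 if it was. NOW (epoch seconds) defaults to the current time.
should_report() {
    now="${2:-$(date +%s)}"
    mkdir -p "$STATE_DIR" 2>/dev/null || return 0   # no state dir: report anyway
    stamp="$STATE_DIR/addr_$1"
    last=0
    if [ -r "$stamp" ]; then read -r last < "$stamp" || last=0; fi
    case "$last" in ''|*[!0-9]*) last=0 ;; esac
    if [ $((now - last)) -lt "$THROTTLE_SECS" ]; then return 1; fi
    printf '%s\n' "$now" > "$stamp"
}

# report_target ADDR [NOW]
# Print the address to trace; return 1 if malformed, 2 if throttled.
report_target() {
    target="$(normalize_addr "$1")" || return 1
    should_report "$target" "$2" || return 2
    printf '%s\n' "$target"
}

# Possible use in the script, before any output is written to fd 3:
#   if target="$(report_target "$hostile_addr")"; then
#       /usr/sbin/traceroute -n "$target" >&3
#   fi
```

With the default of 600 seconds, a port scan from one source produces one traceroute per ten minutes instead of one per probe.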