tcp wrappers problem
From: Edward (edward@Cwci.net) Date: 06/28/02
From: "Edward" <edward@Cwci.net> Date: Fri, 28 Jun 2002 09:33:53 +0100
I've been following http://www.enteract.com/~lspitz/ids.html in an attempt
to detect port scans against my server from hosts on the LAN.

imap has been configured in /etc/inetd.conf:

    imap stream tcp nowait root /usr/local/bin/tcpd imap.trap

(imap.trap is simply a script that exits)

/etc/hosts.allow has the following entry:

    imap.trap: ALL: spawn (/var/adm/ids.sh %d %h)

%d This variable returns the daemon process.
%h This variable returns the server hostname, and if it can't find it, it
will return the address.

The script /var/adm/ids.sh simply emails an alert to a predefined address
(it also uses Samba's nmblookup to establish the login name of the culprit).

The script works if you run it directly...
e.g.

    /var/adm/ids.sh imap 172.1.0.1

...but doesn't work if an attempt is made to connect to port 143 (imap). There
are no messages waiting in the mailq.

I can only assume that the syntax of the entry in /etc/hosts.allow isn't
correct??

Thanks,
Edward
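
An added example, not part of the original message: a handler of the kind a hosts.allow spawn rule could call with %d and %h, written for the tcpd behaviour documented in hosts_access(5) (the command runs via /bin/sh with stdin, stdout and stderr on /dev/null, and should not rely on inetd's PATH). The names ids_alert, valid_token and IDS_LOG and the log path are hypothetical; the log line records that the rule fired independently of any mail step.

```shell
#!/bin/sh
# Added example: alert handler for a hosts.allow "spawn" rule, called as
#   handler %d %h   (daemon name, client host name or address)
# ids_alert, valid_token and IDS_LOG are hypothetical names.

# tcpd runs spawned commands through /bin/sh with stdin, stdout and stderr
# on /dev/null, so set PATH explicitly and log to a file, not the terminal.
PATH=/usr/bin:/bin:/usr/sbin:/sbin
export PATH

IDS_LOG="${IDS_LOG:-/var/adm/ids.log}"   # assumed log location

# Accept only characters valid in a daemon name, host name or IP address.
valid_token() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    return 0
}

ids_alert() {
    daemon="$1"
    client="$2"
    stamp="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    if ! valid_token "$daemon" || ! valid_token "$client"; then
        printf '%s REJECTED bad arguments\n' "$stamp" >> "$IDS_LOG"
        return 2
    fi
    # One line per connection attempt: evidence the rule fired even when
    # a later step (mail, name lookup) fails silently.
    printf '%s probe daemon=%s client=%s\n' "$stamp" "$daemon" "$client" >> "$IDS_LOG"
    return 0
}

# Run as a script: handler imap.trap 172.1.0.1
if [ "$#" -eq 2 ]; then
    ids_alert "$1" "$2"
fi
```

An empty log after a test connection means the spawn rule never ran the handler; a logged line with no mail means the failure is inside the handler's later steps.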