46
Chapter 5. Server Security
The %c token supplies a variety of client information, such as the username and hostname, or the username and IP address to make the connection even more intimidating. The Official Red Hat Linux Reference Guide has a list of other tokens available for TCP wrappers.
For this banner to be presented to incoming connections, add the following line to the /etc/hosts.allow file:
in.ftpd : ALL : banners /etc/banners/
5.1.1.2. TCP Wrappers and Attack Warnings
If a particular host or network has been caught attacking the server, TCP wrappers can be used to warn of subsequent attacks from that host or network via the spawn directive.
In this example, assume that a cracker from the 206.182.68.0/24 network has been caught attempting to attack the server. By placing the following line in the /etc/hosts.deny file, the connection attempt is denied and logged into a special file:
ALL : 206.182.68. : spawn /bin/echo `date` %c %d >> /var/log/intruder_alert
The %d token supplies the name of the service that the attacker was trying to access.
To allow the connection and log it, place the spawn directive in the /etc/hosts.allow file.
Note
Since the spawn directive executes any shell command, you can create a special script to notify you or execute a chain of commands in the event that a particular client attempts to connect to your server.
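A script of the kind the Note describes, given here as an added example that is not part of the original guide. The script path /usr/local/sbin/intruder_alert, the function names and the ALERT_LOG variable are assumptions; %a (client address) is a hosts_access(5) token not otherwise used on this page.

```shell
#!/bin/sh
# Added example; the script path /usr/local/sbin/intruder_alert is hypothetical.
# hosts.deny rule that would call it (%a = client address, %d = daemon name):
#   ALL : 206.182.68. : spawn /usr/local/sbin/intruder_alert %a %d
# ALERT_LOG is an assumed variable; its default is the log file used on this page.
ALERT_LOG="${ALERT_LOG:-/var/log/intruder_alert}"

# Keep only characters expected in an address or daemon name, so a value the
# client can influence never injects newlines or extra fields into the log.
sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9.:_@-' '_' | cut -c1-64
}

# Build one log record: UTC timestamp, service, client.
format_alert() {
    client=$(sanitize "$1")
    daemon=$(sanitize "$2")
    printf '%s service=%s client=%s\n' \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "${daemon:-unknown}" "${client:-unknown}"
}

# Append the record; returns non-zero if the log cannot be written.
record_alert() {
    format_alert "$1" "$2" >> "$ALERT_LOG"
}

# Count earlier records for exactly this client (no prefix matches),
# for deciding whether a repeat offender needs escalation.
count_alerts() {
    client=$(sanitize "$1")
    [ -f "$ALERT_LOG" ] || { echo 0; return; }
    awk -v c="client=$client" '$NF == c { n++ } END { print n + 0 }' "$ALERT_LOG"
}

# Run as a script with exactly two arguments: record, then mirror to syslog
# at the authpriv.warning level.
if [ "$#" -eq 2 ]; then
    record_alert "$1" "$2"
    logger -p authpriv.warning -t intruder_alert "$(format_alert "$1" "$2")" || true
fi
```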
5.1.1.3. TCP Wrappers and Enhanced Logging
If certain types of connections are of more concern than others, the log level can be elevated for that service via the severity option.
In this example, assume anyone attempting to connect to port 23 (the Telnet port) on our FTP server is a cracker. To denote this, place a warning flag in the log files instead of the default flag, info, and deny the connection.
To do this, place the following line in /etc/hosts.deny:
in.telnetd : ALL : severity warning
This will use the default authpriv logging facility, but elevate the priority from the default value of info to warning.
5.1.2. Enhancing Security With xinetd
xinetd is another useful tool for controlling access to its subordinate services. This section will focus on how xinetd can be used to set a trap service and control the amount of resources any given xinetd service can use in order to thwart denial of service attacks. For a more thorough list of the options available, see the man pages for xinetd and xinetd.conf.