TCP Wrappers Configuration Files
• <option> — An optional action or colon-separated list of actions performed when the rule is triggered. Option fields support expansions, launch shell commands, allow or deny access, and alter logging behavior.
Note
More information on the specialist terms above can be found elsewhere in this Guide:
• Section 43.5.2.1.1, “Wildcards”
• Section 43.5.2.1.2, “Patterns”
• Section 43.5.2.2.4, “Expansions”
• Section 43.5.2.2, “Option Fields”
The following is a basic sample hosts access rule:
vsftpd : .example.com
This rule instructs TCP Wrappers to watch for connections to the FTP daemon (vsftpd) from any host in the example.com domain. If this rule appears in hosts.allow, the connection is accepted. If this rule appears in hosts.deny, the connection is rejected.
The next sample hosts access rule is more complex and uses two option fields:
sshd : .example.com \
  : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \
  : deny
Note that each option field is preceded by the backslash (\). Use of the backslash prevents failure of
the rule due to length.
This sample rule states that if a connection to the SSH daemon (sshd) is attempted from a host in the example.com domain, execute the echo command to append the attempt to a special log file, and deny the connection. Because the optional deny directive is used, this line denies access even if it appears in the hosts.allow file. Refer to Section 43.5.2.2, “Option Fields” for a more detailed look at available options.
43.5.2.1.1. Wildcards
Wildcards allow TCP Wrappers to more easily match groups of daemons or hosts. They are used
most frequently in the client list field of access rules.
The following wildcards are available:
• ALL — Matches everything. It can be used for both the daemon list and the client list.
• LOCAL — Matches any host that does not contain a period (.), such as localhost.
• KNOWN — Matches any host where the hostname and host address are known or where the user is known.
• UNKNOWN — Matches any host where the hostname or host address are unknown or where the user is unknown.
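The following is an added example, not part of the original Guide: a small offline evaluator for the two sample rules above, useful for checking what a rule set decides before deploying it. The function names and the hosts.deny content are assumptions made for illustration; the evaluation order and the default of granting access when nothing matches follow the hosts_access(5) man page, and the KNOWN and UNKNOWN wildcards are not modeled because they require live lookups.

```python
# Added example: offline evaluator for the rule syntax described above.
# It only parses option fields; spawn commands are never executed.

def parse_rules(text):
    """Return [(daemons, clients, options)], joining backslash-continued lines."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Simplification: no escaped "\:" inside commands, no IPv6 literals.
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split(), fields[2:]))
    return rules

def client_matches(pattern, host):
    if pattern in ("KNOWN", "UNKNOWN"):
        raise ValueError("KNOWN/UNKNOWN need live name lookups; not modeled")
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":              # hostname without a period
        return "." not in host
    if pattern.startswith("."):         # domain suffix such as .example.com
        return host.lower().endswith(pattern.lower())
    return host.lower() == pattern.lower()

def decide(allow_text, deny_text, daemon, host):
    """hosts.allow is read first, then hosts.deny; the first matching rule wins.
    No match in either file means access is granted (per hosts_access(5))."""
    for text, verdict in ((allow_text, "allow"), (deny_text, "deny")):
        for daemons, clients, options in parse_rules(text):
            if (any(d in ("ALL", daemon) for d in daemons)
                    and any(client_matches(c, host) for c in clients)):
                # An explicit allow/deny option overrides the file's default.
                for opt in options:
                    if opt in ("allow", "deny"):
                        verdict = opt
                return verdict
    return "allow"

# Constructed sample files built from the two rules shown on this page.
HOSTS_ALLOW = r"""
vsftpd : .example.com
sshd : .example.com \
  : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \
  : deny
"""
HOSTS_DENY = "ALL : ALL\n"
```

With these sample files, the sshd rule returns "deny" for a host in example.com even though it sits in hosts.allow, which is the behavior the deny option is described as having.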