[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Logging atempts



On Sun, Jul 16, 2000 at 04:21:28PM +0000, Patrick Barr wrote:
> 
> I need somebodys help on this....
> 
> What I want to do, is run a programme that will monitor my ppp0 
> connection for any attempts from anyone to connect to a port and FAIL. 
> I am running 2.4.0 test2 (but I will soon move back to 2.2.16 when 
> potato comes out) and I dont have netfilter on, I just have hosts.deny 
> set to all:all.

If you are looking to see if someone is getting through your ipchains and
getting stopped by tcp_wrappers, you can change your hosts.deny from
ALL: ALL to

ALL: ALL: spawn ( \
echo -e "\n\
TCP Wrappers\:  Connection refused\n\
By\:                    $(uname -n)\n\
Process\:               %d (pid %p)\n\
User\:                  %u\n\
Host\:                  %c\n\
Date\:                  $(date)\n\
" | /bin/mail -s "Connection to %d blocked" root)

This will send you an email whenever someone gets through to
tco_wrappers. 

Hope it helps,
--Brad
============================================================================
Bradley M. Alexander                     |   Co-Chairman,
Beowulf System Admin/Security Specialist |    NoVALUG/DCLUG Security SIG
Winstar Telecom                          |   balexander@winstar.com
(703) 889-1049                           |   storm@tux.org
============================================================================
If we aren't supposed to eat animals, why are they made of meat?

Attachment: pgpWVGcTnSuJB.pgp
Description: PGP signature


Reply to: