#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
#
#	ORC standard:
#
#	add to /etc/aliases:       probe:	root,root.pager
#
#	TRAPS   master on centurion, pokey
#		compare vs   grep -v "#" /etc/inetd.conf
#		-and
#		netstat -a -n ; netstat -a
#
#		turn off finger
#
#	Copyright (c) 1998 Owl River Company
#	info@owlriver.com
#
#	REV	PH 980608
#
#
#in.tftpd:	 ALL:	 spawn ( ( echo in.tftpd probe from ; \
#	/bin/date ; \
#	/usr/sbin/safe_finger -l @%h ) | \
#	/usr/bin/tee -a /var/log/probelog | \
#	/bin/mail -s %d_%h_%c probe) &
#
in.telnetd:	ALL:	 spawn (( echo ============================== ; \
	echo in.telnetd probe from ; \
	echo %d_#_%h_#_%c	; 	\
	/bin/date ; 			\
	/usr/sbin/safe_finger -l @%h  ; \
        /bin/sleep 5            ;       \
	/usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
in.ftpd:	ALL:	 spawn (( echo ============================== ; \
	echo in.ftpd probe from ; \
        echo %d_#_%h_#_%c       ;       \
	/bin/date ; 			\
	/usr/sbin/safe_finger -l @%h ;  \
        /bin/sleep 5  ;                 \
        /usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
in.rshd:	ALL:	 spawn ( ( echo ============================== ; \
	echo rsh probe from ; \
        echo %d_#_%h_#_%c       ;       \
 	/bin/date ; \
	/usr/sbin/safe_finger -l @%h  ; \
        /bin/sleep 5            ;       \
        /usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
in.rlogind:	ALL:	 spawn ( ( echo ============================== ; \
	echo rlogin probe from ; \
        echo %d_#_%h_#_%c       ;       \
	/bin/date ; \
	/usr/sbin/safe_finger -l @%h  ; \
        /bin/sleep 5            ;       \
        /usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
#	Note that finger loops prohibit re-fingering finger
#	to avoid a self-induced DoS state -- rely on the 
#	identd
#
in.fingerd:	ALL:	 spawn ( ( echo ============================== ; \
	echo finger probe ; \
        echo %d_#_%h_#_%c       ;       \
	/bin/date ; \
	echo check /var/log/secure      ; \
	/bin/sleep 5                  ;   \
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
gn:	ALL:	 spawn ( ( echo ============================== ; \
	echo gopher probe from ; \
        echo %d_#_%h_#_%c       ;       \
	/bin/date ; \
	/usr/sbin/safe_finger -l @%h  ; \
        /bin/sleep 5            ;       \
        /usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
imapd:	ALL:	 spawn ( ( echo ============================== ; \
	echo imapd probe from ; \
        echo %d_#_%h_#_%c       ;       \
	/bin/date ; \
	/usr/sbin/safe_finger -l @%h  ; \
        /bin/sleep 5            ;       \
        /usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
ipop3d:	ALL:	 spawn ( ( echo ============================== ; \
	echo ipop3d probe from ; \
        echo %d_#_%h_#_%c       ;       \
	/bin/date ; \
	/usr/sbin/safe_finger -l @%h  ; \
        /bin/sleep 5            ;       \
        /usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
ipop2d:	ALL:	 spawn ( ( echo ============================== ; \
	echo ipop2d probe from ; \
        echo %d_#_%h_#_%c       ;       \
	/bin/date ; \
	/usr/sbin/safe_finger -l @%h  ; \
        /bin/sleep 5            ;       \
        /usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
#
ALL:	ALL
#
#
# The tcpd program can even be used to control access to the mail
# service.  This can be useful when you suspect that someone is trying
# out some obscure sendmail bug, or when a remote site is misconfigured
# and keeps hammering your mail daemon.
# 
# In that case, sendmail should not be run as a stand-alone network
# listener, but it should be registered in the inetd configuration file.
# For example:
#
#    smtp    stream  tcp     nowait  root    /usr/etc/tcpd \
#	/usr/lib/sendmail -bs
#
# You will still need to run one sendmail background process to handle
# queued-up outgoing mail. A command like:
#
#    /usr/lib/sendmail -q15m
#
# (no -bd' flag) should take care of that. You cannot really prevent
# people from posting forged mail this way, because there are many
# unprotected smtp daemons on the network.
#
#	for BSD style /etc/rc.d/rc.M 
#	-- in SysV -- change  /etc/rc.d/init.d/sendmail arguments
#
# Start the sendmail daemon:
#if [ -x /usr/sbin/sendmail ]; then
#  echo "Starting sendmail daemon (/usr/sbin/sendmail -bd -q 15m)..."
#  echo "Starting sendmail periodic - NOT daemon(/usr/sbin/sendmail \
#	-q 15m)..."
#   /usr/sbin/sendmail -q 15m
#  
#       per tcp_wrappers/README 
# 
# fi
#
sendmail:	ALL:	 spawn ( ( echo ============================== ; \
	echo smtp probe from ; \
        echo %d_#_%h_#_%c       ;       \
	/bin/date ; \
	/usr/sbin/safe_finger -l @%h  ; \
        /bin/sleep 5            ;       \
        /usr/sbin/traceroute %h ; 	\
	echo )	|			\
	/usr/bin/tee -a /var/log/probelog | \
	/bin/mail -s %d_%h_%c probe) &
#
#
#