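#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
# NOTE(review): no portmap rule is present in this file; the catch-all
# "ALL: ALL" rule at the end is what covers it.
#
# ORC standard:
#
#       add to /etc/aliases:    probe: root,root.pager
#
#       TRAPS master on centurion, pokey
#       compare vs  grep -v "#" /etc/inetd.conf
#               -and
#       netstat -a -n ; netstat -a
#
#       turn off finger
#
#       Copyright (c) 1998 Owl River Company
#               info@owlriver.com
#
#       REV PH 980608
#
# ---------------------------------------------------------------------
# How the rules below work
#
# Each rule has the form   daemon_list : client_list : option
# and tcpd uses the FIRST rule that matches, so the catch-all
# "ALL: ALL" must stay the last rule in this file.
#
# "spawn" runs the given shell command in a child process each time the
# rule matches; the connection itself is still refused because the rule
# lives in hosts.deny.  In the command, %d is the daemon process name,
# %h the client host name (or address) and %c the client information
# (user@host when known).  These values come from the remote side; tcpd
# replaces characters that could confuse the shell with underscores
# before expanding them.
#
# Every trap appends a record to /var/log/probelog and mails it to the
# "probe" alias.
#
# Operational caveats:
#   - Each refused connection starts its own pipeline (a 5 second sleep,
#     a traceroute and one mail to the pager alias).  Nothing here
#     limits how often that happens, so a burst of connections becomes
#     a burst of processes and pages.  Throttle the services in inetd
#     or drop the active steps if this is a concern.
#   - safe_finger and traceroute send traffic back to the connecting
#     host, and the finger reply is text chosen by that host.  Keep
#     using safe_finger (never plain finger) and treat the logged
#     reply as untrusted.
#   - Keep /var/log/probelog writable by root only and rotate it.
#   - The nested subshells are written "( (" with a space; "((" can be
#     taken by the shell as the start of an arithmetic expression.
# ---------------------------------------------------------------------
#
#
#in.tftpd: ALL: spawn ( ( echo in.tftpd probe from ; \
#       /bin/date ; \
#       /usr/sbin/safe_finger -l @%h ) | \
#       /usr/bin/tee -a /var/log/probelog | \
#       /bin/mail -s %d_%h_%c probe) &
#
in.telnetd: ALL: spawn ( ( echo ============================== ; \
        echo in.telnetd probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
in.ftpd: ALL: spawn ( ( echo ============================== ; \
        echo in.ftpd probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
in.rshd: ALL: spawn ( ( echo ============================== ; \
        echo rsh probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
in.rlogind: ALL: spawn ( ( echo ============================== ; \
        echo rlogin probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
#       Note that finger loops prohibit re-fingering finger
#               to avoid a self-induced DoS state -- rely on the
#               identd
#
#       (This is why the finger trap below has no safe_finger and no
#       traceroute step: it only records the probe.)
#
in.fingerd: ALL: spawn ( ( echo ============================== ; \
        echo finger probe ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        echo check /var/log/secure ; \
        /bin/sleep 5 ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
gn: ALL: spawn ( ( echo ============================== ; \
        echo gopher probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
imapd: ALL: spawn ( ( echo ============================== ; \
        echo imapd probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
ipop3d: ALL: spawn ( ( echo ============================== ; \
        echo ipop3d probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
ipop2d: ALL: spawn ( ( echo ============================== ; \
        echo ipop2d probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
#
# The catch-all "ALL: ALL" rule used to sit here, ahead of the sendmail
# trap.  Because tcpd stops at the first matching rule, it matched
# sendmail first and the sendmail trap below could never run.  It is
# now the last rule in the file.
#
#
# The tcpd program can even be used to control access to the mail
# service.  This can be useful when you suspect that someone is trying
# out some obscure sendmail bug, or when a remote site is misconfigured
# and keeps hammering your mail daemon.
#
# In that case, sendmail should not be run as a stand-alone network
# listener, but it should be registered in the inetd configuration file.
# For example:
#
#     smtp    stream  tcp     nowait  root    /usr/etc/tcpd \
#               /usr/lib/sendmail -bs
#
# You will still need to run one sendmail background process to handle
# queued-up outgoing mail. A command like:
#
#     /usr/lib/sendmail -q15m
#
# (no '-bd' flag) should take care of that. You cannot really prevent
# people from posting forged mail this way, because there are many
# unprotected smtp daemons on the network.
#
#       for BSD style /etc/rc.d/rc.M
#       -- in SysV -- change /etc/rc.d/init.d/sendmail arguments
#
# Start the sendmail daemon:
#if [ -x /usr/sbin/sendmail ]; then
#  echo "Starting sendmail daemon (/usr/sbin/sendmail -bd -q 15m)..."
#  echo "Starting sendmail periodic - NOT daemon(/usr/sbin/sendmail \
#       -q 15m)..."
#  /usr/sbin/sendmail -q 15m
#
#       per tcp_wrappers/README
#
# fi
#
sendmail: ALL: spawn ( ( echo ============================== ; \
        echo smtp probe from ; \
        echo %d_#_%h_#_%c ; \
        /bin/date ; \
        /usr/sbin/safe_finger -l @%h ; \
        /bin/sleep 5 ; \
        /usr/sbin/traceroute %h ; \
        echo ) | \
        /usr/bin/tee -a /var/log/probelog | \
        /bin/mail -s %d_%h_%c probe) &
#
# Default deny: any service not matched above, from any client, is
# refused without running a trap.  Keep this as the LAST rule; a rule
# placed after it can never match.
#
ALL: ALL
#
#
#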