Defining an Optional Shell Command
The shell command allows you to define additional processing that is triggered by a match in
the access control list. In practice, this feature is used in the hosts.deny file to
gather more information about the intruder or to provide immediate notification to the system
administrator about a potential security attack. For example:
in.rshd : ALL : (safe_finger -l @%h | /usr/sbin/mail -s "%d %h" root) &
In this example from a hosts.deny file, all systems are denied access to rshd. After logging
the attempted access and blocking it, tcpd sends the safe_finger command to the shell for
execution. All versions of finger, including safe_finger, query the remote host to find out who
is logged in to that host. This information can be useful when tracking down an attacker. The
result of the safe_finger command is mailed to the root account. The ampersand (&) at the
end of the line causes the shell commands to run in the background. This is important;
without it, tcpd would sit and wait for these programs to complete before returning to its own
work.
Note: The safe_finger program is provided with the tcpd wrapper software. It is specially
modified to be less vulnerable to attack than the standard finger program.
There are some variables, such as %h and %d, used in the shell command example. These
tcpd wrapper variables, listed in Table 12.1, allow you to take values for the incoming
connection and use them in the shell process.
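As an added example (not code from the book or from the tcpd distribution), the inline pipeline above can be moved into a small handler script that the hosts.deny rule launches in the background, passing %d, %h and %a as arguments; the script path /usr/local/sbin/tcpd-alert.sh, the log file and the argument order are assumptions:

```shell
#!/bin/sh
# tcpd-alert.sh (hypothetical): background handler for a tcpd access rule such as
#   in.rshd : ALL : (/usr/local/sbin/tcpd-alert.sh %d %h %a) &
# It records the refused connection, runs safe_finger against the client and
# mails the result to root, so the daemon rule itself stays short.

ALERT_LOG="${ALERT_LOG:-/var/log/tcpd-alert.log}"   # assumed location
MAIL_CMD="${MAIL_CMD:-/usr/sbin/mail}"
FINGER_CMD="${FINGER_CMD:-safe_finger}"

# Keep only characters that belong in a daemon name, host name or address;
# everything else becomes '_' so the values can never be interpreted by the
# shell or by mail, even if tcpd's own sanitising is bypassed or changed.
sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._:-' '_'
}

# One-line record used both as the log entry and as the mail subject.
alert_subject() {
    daemon=$(sanitize "$1"); host=$(sanitize "$2"); addr=$(sanitize "$3")
    printf 'tcpd: %s refused connection from %s [%s]' "$daemon" "$host" "$addr"
}

# Main handler: $1 = %d (daemon), $2 = %h (client host), $3 = %a (client address).
# Returns 0 once the notification is queued; the access rule runs it in the
# background, so tcpd never waits on finger or mail.
tcpd_alert() {
    subject=$(alert_subject "$1" "$2" "$3")
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$subject" >> "$ALERT_LOG"
    # The safe_finger output becomes the mail body; a finger failure is tolerated.
    { printf '%s\n\n' "$subject"; "$FINGER_CMD" -l "@$(sanitize "$2")" 2>&1 || true; } \
        | "$MAIL_CMD" -s "$subject" root
}

# Run only when invoked directly with the three tcpd arguments.
[ "$#" -eq 3 ] && tcpd_alert "$1" "$2" "$3"
```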