17.2.2.3. Shell Commands

Option fields allow access rules to launch shell commands through the following two directives:
  • spawn — Launches a shell command as a child process. This option directive can perform tasks such as using /usr/sbin/safe_finger to get more information about the requesting client, or creating special log files using the echo command.
    In the following example, clients attempting to access Telnet services from the example.com domain are quietly logged to a special file:
    in.telnetd : .example.com \
      : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
      : allow
  • twist — Replaces the requested service with the specified command. This directive is often used to set up traps for intruders (also called "honey pots"). It can also be used to send messages to connecting clients. The twist directive must occur at the end of the rule line.
    In the following example, clients attempting to access FTP services from the example.com domain are sent a message via the echo command:
    vsftpd : .example.com \
      : twist /bin/echo "421 Bad hacker, go away!"
For more information about shell command options, refer to the hosts_options man page.
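Because spawn and twist run shell commands on every matching connection, it helps to list them when reviewing an access file. The following audit sketch is an added example, not part of the original documentation: it joins continued lines, reports each spawn or twist command, and flags a twist that is not the last option. The sshd rule, the function names, and the absolute-path check are assumptions made for this example, and rules are assumed to use the option-field syntax shown above.

```python
import re

# Constructed input: the two rules shown above plus a deliberately broken
# rule (twist followed by another option, command without an absolute path).
SAMPLE = r'''in.telnetd : .example.com \
  : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
  : allow
vsftpd : .example.com \
  : twist /bin/echo "421 Bad hacker, go away!"
sshd : .example.com : twist echo denied : spawn /bin/echo %h
'''

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and # comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        buf += line
        if buf.strip() and not buf.lstrip().startswith("#"):
            yield buf.strip()
        buf = ""

def audit(text):
    """Return (daemons, directive, command, issues) per spawn/twist option."""
    findings = []
    for rule in logical_lines(text):
        # Fields are separated by colons; a backslash-escaped colon is data.
        fields = [f.strip() for f in re.split(r'(?<!\\):', rule)]
        daemons, options = fields[0], fields[2:]
        for i, opt in enumerate(options):
            kw, _, cmd = opt.partition(" ")
            if kw not in ("spawn", "twist"):
                continue
            issues = []
            if kw == "twist" and i != len(options) - 1:
                issues.append("twist is not the last option")
            # Hardening check chosen for this example: do not rely on PATH.
            if not cmd.strip().startswith(("/", "PATH=")):
                issues.append("command path is not absolute")
            findings.append((daemons, kw, cmd.strip(), issues))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```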