17.2.2.3. Shell Commands
Option fields allow access rules to launch shell commands through the following two directives:
spawn — Launches a shell command as a child process. This option directive can perform tasks like using /usr/sbin/safe_finger to get more information about the requesting client or creating special log files using the echo command.

In the following example, clients attempting to access Telnet services from the example.com domain are quietly logged to a special file:

    in.telnetd : .example.com \
      : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
      : allow

twist — Replaces the requested service with the specified command. This directive is often used to set up traps for intruders (also called "honey pots"). It can also be used to send messages to connecting clients. The twist directive must occur at the end of the rule line.

In the following example, clients attempting to access FTP services from the example.com domain are sent a message via the echo command:

    vsftpd : .example.com \
      : twist /bin/echo "421 Bad hacker, go away!"

For more information about shell command options, refer to the hosts_options man page.
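
The spawn logging rule above can call a small helper instead of an inline echo, so each connection is recorded as one structured, sanitized line. This is an added example, not part of the original documentation; the script path /usr/local/sbin/tcpw-log, the TCPW_LOG variable, and the log file location are assumptions.

```shell
#!/bin/sh
# Added example: helper for a TCP Wrappers "spawn" rule.
# Hypothetical install path and rule (not from the original page):
#
#   in.telnetd : .example.com \
#     : spawn /usr/local/sbin/tcpw-log %d %h %a \
#     : allow
#
# %d = daemon process name, %h = client hostname (or address),
# %a = client address.

# Log destination (assumed location); override with TCPW_LOG.
LOG_FILE="${TCPW_LOG:-/var/log/tcpw-access.log}"

# Reduce a field to a conservative character set so a hostile
# reverse-DNS name cannot inject spaces, quotes, or newlines into
# the log line. Every other byte becomes an underscore.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9.:_-' '_'
}

# log_access DAEMON HOST ADDR
# Appends one timestamped key=value record to $LOG_FILE.
log_access() {
    [ "$#" -eq 3 ] || { echo "usage: tcpw-log DAEMON HOST ADDR" >&2; return 2; }
    daemon=$(sanitize "$1")
    host=$(sanitize "$2")
    addr=$(sanitize "$3")
    ts=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
    # Subshell keeps the umask change local; a newly created log
    # file is readable by its owner only.
    (
        umask 077
        printf '%s daemon=%s host=%s addr=%s\n' \
            "$ts" "$daemon" "$host" "$addr" >> "$LOG_FILE"
    )
}

# Run only when invoked with arguments, as tcpd does via spawn.
if [ "$#" -gt 0 ]; then
    log_access "$@"
fi
```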