5.1.1.1. TCP Wrappers and Connection Banners

5.1.1.1. TCP Wrappers and Connection Banners

Sending a client an intimidating banner when they connect to a service is a good way to disguise what system the server is running while letting a potential attacker know that system administrator is vigilant. To implement a TCP wrappers banner for a service, use the banner option.

This example implements a banner for vsftpd. To begin, create a banner file. It can be anywhere on the system, but it must bear same name as the daemon. For this example, the file is called /etc/banners/vsftpd.

The contents of the file look like this: 

         220-Hello, %c 220-All activity on ftp.example.com is logged. 220-Act up and you will be banned.

The %c token supplies a variety of client information, such as the username and hostname, or the username and IP address to make the connection even more intimidating. The Red Hat Enterprise Linux Reference Guide has a list of other tokens available for TCP wrappers.

For this banner to be presented to incoming connections, add the following line to the /etc/hosts.allow file: 

         vsftpd : ALL : banners /etc/banners/

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-4 because CentOS-4 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-4 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.