Re-install libwrap in OpenSSH

Stephan von Krawczynski skraw at ithnet.com
Thu May 21 02:17:43 AEST 2015


On Wed, 20 May 2015 11:05:34 -0400
Michael Stone <mstone at mathom.us> wrote:

> On Wed, May 20, 2015 at 03:58:22PM +0200, Stephan von Krawczynski wrote:
> >Show me this as an example of your firewall skills and replace this
> >hosts.allow entry:
> >
> >sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected me |
> >/bin/mail -s "hosts.allow entry XYZ" root) & : ALLOW
> >
> >
> >This is only an example code, of course.
> 
> It's an example of something really horrible. It might have seemed like 
> a good idea in the 90s, but in a modern system that sort of alerting 
> should be integrated into log monitoring (and should be much more 
> comprehensive than a couple of services linked against wrappers).
> 
> I think you're confirming the decision to remove wrapper support rather 
> than demonstrating that it was a mistake.
> 
> Mike Stone

Why do you think you really have understood all occasions and surroundings on
which something like this can be deployed. Can you imagine there is
infrastructure besides routed internet?

-- 
Regards,
Stephan


More information about the openssh-unix-dev mailing list