in hosts.deny, there is an optional field that allows you to do a command shell (i.e. the last field). I have it send me mail - like so: in.ftpd : ALL : (/usr/sbin/safe_finger -l @%h | /usr/bin/Mail -s %d-%h thoma041.gov ) & And hosts.allow has nothing in it ('cept the stuff that came in there from RH). If I grab Wietse's distribution of the wrappers (7.6 which is fairly old) off of Porcupine, this works fine - it does the finger on the remote host and mails it to me. Also, the version that comes standard doesn't seem to be paranoid enough (even on the enterprise w/ssl dist). This may be intentional. -Robert
I have this in mine. ALL : ALL: spawn (echo Probe from %h to %d at `date` | tee -a /var/log/tcpdeny.l og |mail root )
This smells like incorrect syntax used in hosts.deny. Please reopen if I'm wrong.