12aef6930SMark Murray# @(#) Banners.Makefile 1.3 97/02/12 02:13:18 22aef6930SMark Murray# 32aef6930SMark Murray# Install this file as the Makefile in your directory with banner files. 42aef6930SMark Murray# It will convert a prototype banner text to a form that is suitable for 52aef6930SMark Murray# the ftp, telnet, rlogin, and other services. 62aef6930SMark Murray# 72aef6930SMark Murray# You'll have to comment out the IN definition below if your daemon 82aef6930SMark Murray# names don't start with `in.'. 92aef6930SMark Murray# 102aef6930SMark Murray# The prototype text should live in the banners directory, as a file with 112aef6930SMark Murray# the name "prototype". In the prototype text you can use %<character> 122aef6930SMark Murray# sequences as described in the hosts_access.5 manual page (`nroff -man' 132aef6930SMark Murray# format). The sequences will be expanded while the banner message is 142aef6930SMark Murray# sent to the client. For example: 152aef6930SMark Murray# 162aef6930SMark Murray# Hello %u@%h, what brings you here? 172aef6930SMark Murray# 182aef6930SMark Murray# Expands to: Hello username@hostname, what brings you here? Note: the 192aef6930SMark Murray# use of %u forces a client username lookup. 202aef6930SMark Murray# 212aef6930SMark Murray# In order to use banners, build the tcp wrapper with -DPROCESS_OPTIONS 222aef6930SMark Murray# and use hosts.allow rules like this: 232aef6930SMark Murray# 242aef6930SMark Murray# daemons ... : clients ... : banners /some/directory ... 252aef6930SMark Murray# 262aef6930SMark Murray# Of course, nothing prevents you from using multiple banner directories. 272aef6930SMark Murray# For example, one banner directory for clients that are granted service, 282aef6930SMark Murray# one banner directory for rejected clients, and one banner directory for 292aef6930SMark Murray# clients with a hostname problem. 302aef6930SMark Murray# 312aef6930SMark MurraySHELL = /bin/sh 322aef6930SMark MurrayIN = in. 332aef6930SMark MurrayBANNERS = $(IN)telnetd $(IN)ftpd $(IN)rlogind # $(IN)fingerd $(IN)rshd 342aef6930SMark Murray 352aef6930SMark Murrayall: $(BANNERS) 362aef6930SMark Murray 372aef6930SMark Murray$(IN)telnetd: prototype 382aef6930SMark Murray cp prototype $@ 392aef6930SMark Murray chmod 644 $@ 402aef6930SMark Murray 412aef6930SMark Murray$(IN)ftpd: prototype 422aef6930SMark Murray sed 's/^/220-/' prototype > $@ 432aef6930SMark Murray chmod 644 $@ 442aef6930SMark Murray 452aef6930SMark Murray$(IN)rlogind: prototype nul 462aef6930SMark Murray ( ./nul ; cat prototype ) > $@ 472aef6930SMark Murray chmod 644 $@ 482aef6930SMark Murray 492aef6930SMark Murray# Other services: banners may interfere with normal operation 502aef6930SMark Murray# so they should probably be used only when refusing service. 512aef6930SMark Murray# In particular, banners don't work with standard rsh daemons. 522aef6930SMark Murray# You would have to use an rshd that has built-in tcp wrapper 532aef6930SMark Murray# support, for example the rshd that is part of the logdaemon 542aef6930SMark Murray# utilities. 552aef6930SMark Murray 562aef6930SMark Murray$(IN)fingerd: prototype 572aef6930SMark Murray cp prototype $@ 582aef6930SMark Murray chmod 644 $@ 592aef6930SMark Murray 602aef6930SMark Murray$(IN)rshd: prototype nul 612aef6930SMark Murray ( ./nul ; cat prototype ) > $@ 622aef6930SMark Murray chmod 644 $@ 632aef6930SMark Murray 642aef6930SMark Murray# In case no /dev/zero available, let's hope they have at least 652aef6930SMark Murray# a C compiler of some sort. 662aef6930SMark Murray 672aef6930SMark Murraynul: 682aef6930SMark Murray echo 'main() { write(1,"",1); return(0); }' >nul.c 692aef6930SMark Murray $(CC) $(CFLAGS) -s -o nul nul.c 702aef6930SMark Murray rm -f nul.c 71