1*0Sstevel@tonic-gate# @(#) Banners.Makefile 1.3 97/02/12 02:13:18 2*0Sstevel@tonic-gate# 3*0Sstevel@tonic-gate# Install this file as the Makefile in your directory with banner files. 4*0Sstevel@tonic-gate# It will convert a prototype banner text to a form that is suitable for 5*0Sstevel@tonic-gate# the ftp, telnet, rlogin, and other services. 6*0Sstevel@tonic-gate# 7*0Sstevel@tonic-gate# You'll have to comment out the IN definition below if your daemon 8*0Sstevel@tonic-gate# names don't start with `in.'. 9*0Sstevel@tonic-gate# 10*0Sstevel@tonic-gate# The prototype text should live in the banners directory, as a file with 11*0Sstevel@tonic-gate# the name "prototype". In the prototype text you can use %<character> 12*0Sstevel@tonic-gate# sequences as described in the hosts_access.5 manual page (`nroff -man' 13*0Sstevel@tonic-gate# format). The sequences will be expanded while the banner message is 14*0Sstevel@tonic-gate# sent to the client. For example: 15*0Sstevel@tonic-gate# 16*0Sstevel@tonic-gate# Hello %u@%h, what brings you here? 17*0Sstevel@tonic-gate# 18*0Sstevel@tonic-gate# Expands to: Hello username@hostname, what brings you here? Note: the 19*0Sstevel@tonic-gate# use of %u forces a client username lookup. 20*0Sstevel@tonic-gate# 21*0Sstevel@tonic-gate# In order to use banners, build the tcp wrapper with -DPROCESS_OPTIONS 22*0Sstevel@tonic-gate# and use hosts.allow rules like this: 23*0Sstevel@tonic-gate# 24*0Sstevel@tonic-gate# daemons ... : clients ... : banners /some/directory ... 25*0Sstevel@tonic-gate# 26*0Sstevel@tonic-gate# Of course, nothing prevents you from using multiple banner directories. 27*0Sstevel@tonic-gate# For example, one banner directory for clients that are granted service, 28*0Sstevel@tonic-gate# one banner directory for rejected clients, and one banner directory for 29*0Sstevel@tonic-gate# clients with a hostname problem. 30*0Sstevel@tonic-gate# 31*0Sstevel@tonic-gateSHELL = /bin/sh 32*0Sstevel@tonic-gateIN = in. 33*0Sstevel@tonic-gateBANNERS = $(IN)telnetd $(IN)ftpd $(IN)rlogind # $(IN)fingerd $(IN)rshd 34*0Sstevel@tonic-gate 35*0Sstevel@tonic-gateall: $(BANNERS) 36*0Sstevel@tonic-gate 37*0Sstevel@tonic-gate$(IN)telnetd: prototype 38*0Sstevel@tonic-gate cp prototype $@ 39*0Sstevel@tonic-gate chmod 644 $@ 40*0Sstevel@tonic-gate 41*0Sstevel@tonic-gate$(IN)ftpd: prototype 42*0Sstevel@tonic-gate sed 's/^/220-/' prototype > $@ 43*0Sstevel@tonic-gate chmod 644 $@ 44*0Sstevel@tonic-gate 45*0Sstevel@tonic-gate$(IN)rlogind: prototype nul 46*0Sstevel@tonic-gate ( ./nul ; cat prototype ) > $@ 47*0Sstevel@tonic-gate chmod 644 $@ 48*0Sstevel@tonic-gate 49*0Sstevel@tonic-gate# Other services: banners may interfere with normal operation 50*0Sstevel@tonic-gate# so they should probably be used only when refusing service. 51*0Sstevel@tonic-gate# In particular, banners don't work with standard rsh daemons. 52*0Sstevel@tonic-gate# You would have to use an rshd that has built-in tcp wrapper 53*0Sstevel@tonic-gate# support, for example the rshd that is part of the logdaemon 54*0Sstevel@tonic-gate# utilities. 55*0Sstevel@tonic-gate 56*0Sstevel@tonic-gate$(IN)fingerd: prototype 57*0Sstevel@tonic-gate cp prototype $@ 58*0Sstevel@tonic-gate chmod 644 $@ 59*0Sstevel@tonic-gate 60*0Sstevel@tonic-gate$(IN)rshd: prototype nul 61*0Sstevel@tonic-gate ( ./nul ; cat prototype ) > $@ 62*0Sstevel@tonic-gate chmod 644 $@ 63*0Sstevel@tonic-gate 64*0Sstevel@tonic-gate# In case no /dev/zero available, let's hope they have at least 65*0Sstevel@tonic-gate# a C compiler of some sort. 66*0Sstevel@tonic-gate 67*0Sstevel@tonic-gatenul: 68*0Sstevel@tonic-gate echo 'main() { write(1,"",1); return(0); }' >nul.c 69*0Sstevel@tonic-gate $(CC) $(CFLAGS) -s -o nul nul.c 70*0Sstevel@tonic-gate rm -f nul.c 71