
Is there a way in Linux (RHEL 5-6), using IPTABLES, that if someone tried to access port 21 as an FTP user, to log what user name they are trying to authenticate as and additionally run a shell script passing that username as the first arg to the script? What I want to do ideally is email the user ID stating the new method of accessing this server, which is SFTP only now.

  • You could just add the info to the FTP welcome message and then disconnect them, or just allow read-only access for FTP. That way, they'll see the message and log back on with sftp – terdon Feb 11 '14 at 19:39
  • That's not a bad idea, but I am trying to keep the port filtered if possible. – Gregg Leventhal Feb 11 '14 at 19:53

2 Answers

You can use knockd to listen to port 21 and run a command when a single connection is attempted.

Then the configuration would look something like this:

# knockd.conf: a one-port "sequence" so a single SYN to port 21 fires the command
[openSSH]
    sequence    = 21                 # the port(s) a client must hit, in order
    seq_timeout = 5                  # seconds allowed to complete the sequence
    command     = /path/to/script    # run for each completed sequence
    tcpflags    = syn                # only count connection attempts (SYN packets)

The script would need to get the user id from the log file for the FTP server.

Lawrence
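One way to write the script the answer refers to, as an added example that is not the answer's own code: knockd substitutes the source address for %IP%, so it would be configured as `command = /path/to/this.sh %IP%`; the script then looks up the most recent login attempt from that address in the FTP server log and mails that user a migration notice. The vsftpd-style log line format, the `mail` command, the `MAIL_DOMAIN` placeholder and the sample log are all assumptions made here, not details from the page.

```shell
#!/bin/sh
# Added example (not the answer's script). Called by knockd as: this.sh %IP%
# Assumed log format (vsftpd-style, not taken from the page):
#   <date> [pid N] [USER] FAIL LOGIN: Client "IP"

FTP_LOG="${FTP_LOG:-/var/log/vsftpd.log}"
MAIL_DOMAIN="${MAIL_DOMAIN:-example.com}"   # placeholder domain for the notice

# user_for_ip IP LOGFILE: print the user name of the most recent login attempt
# recorded from IP; return 1 if the log holds none.
user_for_ip() {
    # grep -F takes the IP literally (no regex metacharacters from the caller),
    # and the surrounding quotes anchor it so 10.0.0.5 does not match 10.0.0.50.
    line=$(grep -F "Client \"$1\"" "$2" | grep ' LOGIN: ' | tail -n 1)
    [ -n "$line" ] || return 1
    # The user name is the bracketed field right before "OK LOGIN"/"FAIL LOGIN".
    printf '%s\n' "$line" | sed -nE 's/.*\[([^]]*)\] (OK|FAIL) LOGIN: .*/\1/p'
}

# notice_text USER: body of the migration notice sent to USER.
notice_text() {
    printf 'Hello %s,\n\nFTP on this server has been retired. Please connect with SFTP (port 22) instead.\n' "$1"
}

# Constructed sample log (not real data) so the functions can be tried offline.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Tue Feb 11 19:39:01 2014 [pid 2112] CONNECT: Client "10.0.0.5"
Tue Feb 11 19:39:03 2014 [pid 2111] [alice] FAIL LOGIN: Client "10.0.0.5"
Tue Feb 11 19:40:12 2014 [pid 2119] [bob] OK LOGIN: Client "10.0.0.50"
Tue Feb 11 19:41:00 2014 [pid 2130] [carol] FAIL LOGIN: Client "10.0.0.5"
EOF

# When invoked by knockd with an IP argument, notify the user found for it.
if [ $# -ge 1 ]; then
    if user=$(user_for_ip "$1" "$FTP_LOG"); then
        # The name comes from a log written from untrusted client input, so only
        # a plain account name is allowed to become a mail address.
        case "$user" in
            *[!A-Za-z0-9._-]*|'') echo "refusing odd user name from log: $user" >&2 ;;
            *) notice_text "$user" | mail -s "FTP retired: use SFTP" "$user@$MAIL_DOMAIN" ;;
        esac
    fi
fi
```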

What iptables does is to not accept the segments (data packets sent through the net) asking for the opening of a connection, so there is no way to ask who is at the other end. The package tcpwrappers was used to do such shenanigans (log origin of connections, ask who is at the other end, ...) together with inetd, but most of its functionality was absorbed into replacements like xinetd(8). It should be possible to set something up, but you probably won't find precompiled packages (it isn't present in Fedora 19, for instance).

But be careful with what you are trying to do: the other end of the connection is (by definition) completely out of your control, and they might lie through their teeth without you having any way to find out.

vonbrand