In addition to basic rules allowing and denying access, the Red Hat Enterprise Linux implementation of TCP wrappers supports extensions to the access control language through option fields. By using option fields within hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
Option fields let administrators easily change the log facility and priority level for a rule by using the
In the following example, connections to the SSH daemon from any host in the
example.com domain are logged to the default
syslog facility (because no facility value is specified) with a priority of
sshd : .example.com : severity emerg
It is also possible to specify a facility using the
severity option. The following example logs any SSH connection attempts by hosts from the
example.com domain to the
local0 facility with a priority of
sshd : .example.com : severity local0.alert
In practice, this example does not work until the syslog daemon (
syslogd) is configured to log to the
local0 facility. Refer to the
syslog.conf man page for information about configuring custom log facilities.