5.1.1.1. TCP Wrappers and Connection Banners
Sending a client an intimidating banner when they connect to a service is a good way to disguise what system the server is running while letting a potential attacker know that the system administrator is vigilant. To implement a TCP wrappers banner for a service, use the banners option.
This example implements a banner for vsftpd. To begin, create a banner file. It can be anywhere on the system, but it must bear the same name as the daemon. For this example, the file is called /etc/banners/vsftpd.
The contents of the file look like this:
220-Hello, %c
220-All activity on ftp.example.com is logged.
220-Act up and you will be banned.
The %c token supplies a variety of client information, such as the username and hostname, or the username and IP address to make the connection even more intimidating. The Red Hat Enterprise Linux Reference Guide has a list of other tokens available for TCP wrappers.
For this banner to be presented to incoming connections, add the following line to the /etc/hosts.allow file:
vsftpd : ALL : banners /etc/banners/
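Because the banner file must bear the same name as the daemon, a rule whose banners directory lacks that file shows no banner. The following check is an added example, not part of the original guide; the function names check_banners and make_sample are hypothetical, the sample rules are constructed, and it assumes one rule per line with no backslash continuations.

```shell
#!/bin/sh
# Added example (not from the original guide). Checks that every rule with a
# "banners <dir>" option has a readable <dir>/<daemon> file.
# Assumption: one rule per line, no backslash continuations.

check_banners() {   # $1 = hosts.allow-style file; prints "daemon dir" per gap
    missing=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            \#*) continue ;;            # comment line
            *banners*) ;;               # candidate rule
            *) continue ;;
        esac
        daemons=${line%%:*}             # first field is the daemon list
        dir=$(printf '%s\n' "$line" |
            sed -n 's/.*:[[:space:]]*banners[[:space:]]\{1,\}\([^:[:space:]]*\).*/\1/p')
        if [ -z "$dir" ]; then continue; fi
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            if [ "$d" = "ALL" ]; then continue; fi   # wildcard: no single file name
            if [ ! -r "${dir%/}/$d" ]; then
                printf '%s %s\n' "$d" "$dir"
                missing=1
            fi
        done
    done < "$1"
    return "$missing"
}

make_sample() {     # constructed sample tree; prints its path
    t=$(mktemp -d)
    mkdir "$t/banners"
    printf '220-Hello, %%c\n' > "$t/banners/vsftpd"
    : > "$t/banners/in.telnetd"
    {
        echo "# constructed rules for the demo"
        echo "vsftpd : ALL : banners $t/banners/"
        echo "sshd, in.telnetd : ALL : banners $t/banners"
    } > "$t/hosts.allow"
    printf '%s\n' "$t"
}

sample=$(make_sample)
check_banners "$sample/hosts.allow" || echo "banner file(s) missing for the daemons above"
rm -rf "$sample"
```

On a real system, pass /etc/hosts.allow as the argument; a non-zero return status means at least one listed daemon has no banner file.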