Date: Fri, 16 Jul 1999 15:59:11 GMT
From: eric@thepublic.net
To: questions@FreeBSD.ORG
Subject: security: ident lookups logging - howto?
Message-ID: <19990716155911.60946.qmail@thepublic.net>
I found the article below in the mailing archives. I applied it and now inetd logs generic info to the correct file, but no ident information.

I want to be able to log idents from all connections in inetd. In a separate file if possible.

I have edited the inetd.conf to have for the line of identd:

    ident stream tcp wait kmem:kmem /usr/local/sbin/identd identd -w -t120 -l

I also tried it without the -l. Every time killing the inetd and restarting it. Restarting inetd with the -l option as well ('inetd -l').

It now logs to /var/log/inetd.conf, but only with the following information:

    Jul 16 09:42:56 box1 inetd[59350]: telnet from 127.0.0.1
    Jul 16 09:42:56 box1 inetd[59383]: connection from localhost, service telnet (tcp)

There is no ident information here. Can anyone help please?

I tried a few things like editing the syslog.conf to have a line like:

    !identd
    *.*    /var/log/identd.log

..without success.

I also want to run identd the most efficiently. In inetd or with tcpserver?

Thanks in advance,
Eric
eric@thepublic.net

------------

Chris Martino <chrismar@peanut.readington.com> wrote:

I was able to do something similar using inetd. For example, when someone tries to login/ftp to my box I get the following in the console:

    Jun 9 10:54:44 stupid inetd[16073]: telnet from 207.207.192.8
    Jun 9 10:54:49 stupid login: login from solar.eclipse.net on ttyp4 as chris

That output is also written to /var/log/inetd.log.

Here is how to get that to happen on your system (in other words, here's what I did): edit your /etc/rc.conf to include flags for inetd. Just put in a -l in the quotes.

Now edit the /etc/syslog.conf file. This is what I added, and it seems to be working so far:

    !inetd
    *.*    /dev/console
    *.*    /var/log/inetd.log

After you get this done, you can either reboot the machine, or kill inetd and manually start it with the -l flag.

I think that is all that I did, if it doesn't work I can prolly hunt down what I missed.

Chris
--
Chris Martino
chrismar@readington.com

On Tue, 9 Jun 1998 mharo@dobalee.fremont.ca.us wrote:

> Hi, I was wondering if FreeBSD had some way of checking the remote
> connection for ident info.
>
> We have a non-freebsd box at work which logs stuff like...
>
> Jun 9 00:59:46 mybox tcplog: telnet connection attempt from xx.xxx.xx.xxx
>
> and
>
> Jun 9 00:59:46 mybox in.telnetd[4975]: connect from user@anotherbox
>
> I assume this last one is done with inetd. What does the -l flag to inetd
> do?
>
> How can I make freebsd do either or both of these?
>
> Thanks,
> Michael
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990716155911.60946.qmail>
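
Added example, not part of the original thread or of any FreeBSD code: a `user@host` entry like the one in the quoted `in.telnetd` log line is what an ident (RFC 1413) lookup provides, by asking port 113 on the connecting host who owns the connection. The Python below builds that query and parses the reply, treating the returned name as untrusted before it is written to a log; the function names, the length cap and the sample replies are assumptions made for this illustration.

```python
import re

MAX_USER_LEN = 64  # assumption: cap chosen for this example, not taken from RFC 1413


def build_query(remote_port, local_port):
    """Query sent to port 113 on the connecting host: its port first, then ours."""
    return f"{remote_port}, {local_port}\r\n".encode("ascii")


def parse_reply(raw, remote_port, local_port):
    """Return a sanitized user name, or None if the reply is unusable."""
    line = raw.decode("latin-1").rstrip("\r\n")
    # The user-id field may itself contain ':' so split at most three times.
    parts = line.split(":", 3)
    if len(parts) < 3:
        return None
    ports = re.fullmatch(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", parts[0])
    if not ports or (int(ports[1]), int(ports[2])) != (remote_port, local_port):
        return None  # reply does not answer the query we sent
    if parts[1].strip().upper() != "USERID" or len(parts) != 4:
        return None  # ERROR replies (NO-USER, HIDDEN-USER, ...) carry no name
    user = parts[3].strip()[:MAX_USER_LEN]
    # The name comes from the remote machine: replace anything that could
    # break the log line apart (control characters, spaces) or fake a host ('@').
    user = re.sub(r"[^\x21-\x7e]|@", "?", user)
    return user or None


def log_line(service, host, user):
    """Format 'user@host' when ident gave a usable name, plain host otherwise."""
    who = f"{user}@{host}" if user else host
    return f"{service}: connect from {who}"


if __name__ == "__main__":
    # Constructed sample: inbound telnet (local port 23) from remote port 6191.
    print(build_query(6191, 23))
    reply = b"6191, 23 : USERID : UNIX : chris\r\n"  # constructed reply
    print(log_line("telnet", "anotherbox", parse_reply(reply, 6191, 23)))
```

The name in an ident reply is whatever the remote host chooses to send, so it is useful as a log annotation and not as proof of identity.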