Date: Fri, 8 Apr 2005 05:32:45 +0200
From: Anthony Atkielski
To: freebsd-questions@freebsd.org
Subject: Re: How can I log every login via telnet?
Message-ID: <856341966.20050408053245@wanadoo.fr>
In-Reply-To: <16981.34396.918396.208453@szamoca.krvarr.bc.ca>

Sandy Rutherford writes:

> Check /var/log/auth.log. They should be logged there by default.

Thanks, that's just what I was looking for.

> You could also use tcpwrappers for better control over access and
> logging. See /etc/hosts.allow and "man 5 hosts_options".

I'd be mainly interested in restricting which user names can log on from the Net through telnet, rather than which IP addresses. Also, securing the traffic over the telnet session is unimportant (including passwords), because none of the telnet use would involve anything confidential. I mainly want to ensure that only a select handful of users can actually log in through telnet, and that those users cannot escape to a shell by any means or otherwise stray outside the program that I want to run immediately upon login.

I've tweaked my test program to eliminate possible buffer overflows on input and it has no facility for escaping to a shell, and it does virtually no file I/O and only to hard-coded paths, so hopefully it's not too much of a risk.

--
Anthony
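
A sketch of the kind of input handling the message describes for a program run straight from login: bounded line reads and a fixed command table with no path to a shell. This is an added example, not the author's program (which the post does not show); every name, the return codes and the two commands are hypothetical, and commands are assumed to be printable ASCII.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical names; the buffer size and command set are assumptions. */
enum { CMD_OK = 0, CMD_EOF = -1, CMD_TOO_LONG = -2, CMD_BAD_BYTE = -3, CMD_UNKNOWN = -4 };

/* Read one line into buf[size] without writing past it. A line that is too
 * long or holds a non-printable byte is drained to its newline and rejected
 * whole, so its tail is never taken for the next command. */
int read_command(FILE *in, char *buf, size_t size)
{
    size_t len = 0;
    int c, status = CMD_OK;
    if (size == 0) return CMD_TOO_LONG;
    while ((c = getc(in)) != EOF && c != '\n') {
        if (c == '\r' || status != CMD_OK)
            continue;                  /* drop telnet CR; after an error, just drain */
        if (c < 0x20 || c > 0x7e)
            status = CMD_BAD_BYTE;     /* control bytes, telnet IAC (0xff) */
        else if (len + 1 >= size)
            status = CMD_TOO_LONG;
        else
            buf[len++] = (char)c;
    }
    if (status != CMD_OK) len = 0;     /* hand back an empty string on rejection */
    buf[len] = '\0';
    return (c == EOF && len == 0 && status == CMD_OK) ? CMD_EOF : status;
}

static int do_help(void)   { return 1; }
static int do_status(void) { return 2; }
static const struct { const char *name; int (*fn)(void); } COMMANDS[] = {
    { "help", do_help }, { "status", do_status },
};

/* Exact match against a fixed table; input never reaches system() or exec*(). */
int dispatch(const char *line)
{
    for (size_t i = 0; i < sizeof COMMANDS / sizeof COMMANDS[0]; i++)
        if (strcmp(line, COMMANDS[i].name) == 0)
            return COMMANDS[i].fn();
    return CMD_UNKNOWN;
}

int main(void)
{
    char line[32];
    for (int rc; (rc = read_command(stdin, line, sizeof line)) != CMD_EOF; )
        printf("%d\n", rc == CMD_OK ? dispatch(line) : rc);
    return 0;
}
```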