From owner-freebsd-questions Thu Jun 5 01:35:50 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id BAA03516
    for questions-outgoing; Thu, 5 Jun 1997 01:35:50 -0700 (PDT)
Received: from gatekeeper.ukrv.de (gatekeeper.ukrv.de [193.175.72.2])
    by hub.freebsd.org (8.8.5/8.8.5) with SMTP id BAA03511
    for ; Thu, 5 Jun 1997 01:35:47 -0700 (PDT)
Received: by gatekeeper.ukrv.de; (5.65/1.1.8.2/17Oct95-0336PM)
    id AA06058; Thu, 5 Jun 1997 10:35:45 +0200
Received: from mailhost(193.175.66.33) by gatekeeper.ukrv.de via smap (V1.3-JSC)
    id sma014689; Thu Jun 5 10:35:30 1997
Received: from merlin.ukrv.de by mailhost.ukrv.de; (5.65/1.1.8.2/08Mar95-0213PM)
    id AA04678; Thu, 5 Jun 1997 10:35:30 +0200
Received: by merlin.ukrv.de (4.1/UKRV-Gen PCG 0.1)
    id AA01363; Thu, 5 Jun 97 10:35:30 +0200
From: Udo Wolter
Message-Id: <9706050835.AA01363@merlin.ukrv.de>
Subject: Re: How to 'watch' an FTP User
In-Reply-To: from Stefan `Sec` Zehl at "Jun 5, 97 02:00:50 am"
To: freebsd-questions@FreeBSD.ORG
Date: Thu, 5 Jun 1997 10:35:29 +0200 (MET DST)
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> In article <19970603173741.14916@scsn.net>, Donald J. Maddox wrote:
> > The 'watch' command is very handy for observing what someone logged into
> > your machine is doing, as they do it. Is there an analogous program for
> > watching what ftp users logged in to the system are doing? Or, is there a
> > way of using 'watch' for this that I've missed?
>
> I changed the line in /etc/inetd.conf to:
> ftp stream tcp nowait root /usr/libexec/ftpd ftpd -d -l -l
>
> and in /etc/syslog.conf:
> ftp.debug /var/log/ftp
>
> So I can see every 'movement' made by the ftp 'users' - it generates a
> lot of data though, so you shouldn't forget to rotate the logfile every
> once in a while :)

Another way is the tcp-daemon. With this program you can trace connects for
a specific service. In my /etc/inetd.conf the line would look like:

ftp stream tcp nowait root /usr/local/libexec/tcpd ftpd -d -l -l

Now you can see almost everything they're doin'. (You can use tcpd also
for telnet, http, rsh etc.)

Bye,

    Udo

--
Udo Wolter, email: uwp@cs.tu-berlin.de
!!! LOW-TECH Page: http://low-tech.home.ml.org !!!
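
Added example (not part of the original message or of FreeBSD): one way to turn the large /var/log/ftp produced by the ftp.debug setup above into a per-login summary, grouping entries by ftpd process id since inetd starts one ftpd per connection. The log lines are constructed, the "command: ..." message shape is an assumption about what ftpd -d writes, and the names sessions and file_activity are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/ftp. The "command: ..." message shape is an
# assumption about ftpd -d output; adjust LINE_RE to match your own log.
SAMPLE_LOG = """\
Jun  5 10:35:30 ftphost ftpd[1363]: connection from client1.example.org
Jun  5 10:35:31 ftphost ftpd[1363]: command: USER anonymous
Jun  5 10:35:33 ftphost ftpd[1363]: command: PASS guest@example.org
Jun  5 10:35:34 ftphost ftpd[1402]: command: USER alice
Jun  5 10:35:40 ftphost ftpd[1363]: command: CWD /pub
Jun  5 10:35:45 ftphost ftpd[1363]: command: RETR README
Jun  5 10:35:50 ftphost ftpd[1402]: command: STOR upload.tar
Jun  5 10:36:02 ftphost ftpd[1363]: command: QUIT
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ftpd\[(\d+)\]: command: (\S+)\s*(.*)$")
FILE_VERBS = {"RETR", "STOR", "APPE", "DELE", "RNFR", "RNTO", "MKD", "RMD"}

def sessions(lines):
    """Group logged FTP commands by ftpd process id (one process per login)."""
    out = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue  # connection notices, replies, other daemons
        when, pid, verb, arg = m.groups()
        verb = verb.upper()
        if verb == "PASS":
            arg = "<redacted>"  # keep passwords out of any report
        out[int(pid)].append((when, verb, arg))
    return dict(out)

def file_activity(sess):
    """Per session: the login name and the commands that touched files."""
    report = {}
    for pid, cmds in sess.items():
        user = next((a for _, v, a in cmds if v == "USER"), None)
        report[pid] = (user, [(v, a) for _, v, a in cmds if v in FILE_VERBS])
    return report

if __name__ == "__main__":
    summary = file_activity(sessions(SAMPLE_LOG.splitlines()))
    for pid, (user, touched) in summary.items():
        print(pid, user, touched)
```
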