Date: Thu, 5 Jun 1997 10:35:29 +0200 (MET DST) From: Udo Wolter <uwp@ukrv.de> To: freebsd-questions@FreeBSD.ORG Subject: Re: How to 'watch' an FTP User Message-ID: <9706050835.AA01363@merlin.ukrv.de> In-Reply-To: <slrn5pc0di.8ph.sec@matrix.42.org> from Stefan `Sec` Zehl at "Jun 5, 97 02:00:50 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> In article <19970603173741.14916@scsn.net>, Donald J. Maddox wrote: > > The 'watch' command is very handy for observing what someone logged into > > your machine is doing, as they do it. Is there an analogous program for > > watching what ftp users logged in to the system are doing? Or, is there a > > way of using 'watch' for this that I've missed? > > I changed the line in /etc/inetd.conf to: > ftp stream tcp nowait root /usr/libexec/ftpd ftpd -d -l -l > > and in /etc/syslog.conf: > ftp.debug /var/log/ftp > > So i can see every 'movement' made by the ftp 'users' - it generates a > lot of data though, so you shouldn't forget to rotate the logfile every > once in a while :) Another way is the tcp-daemon. With this program you can trace connects for a specific service. In my /etc/inetd.conf the line would look like: ftp stream tcp nowait root /usr/local/libexec/tcpd ftpd -d -l -l Now you can see almost everything what they're doin'. (You can use tcpd also for telnet, http, rsh etc.) Bye, Udo -- Udo Wolter, email: uwp@cs.tu-berlin.de !!! LOW-TECH Page: http://low-tech.home.ml.org !!!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9706050835.AA01363>