Hi all, I have an enterprise-wide existing implementation of custom-compiled TCP wrappers, implemented on Solaris 7-8 systems. The current configuration wraps all the services default in inetd.conf and logs all these connections attempts as specified in the host.allow file with explicit deny at the end. All these services listen and invalidate my network auditing of the system. Is there a way to use tcpwrappers to log all attempts to inetd.conf services without appearing as though these services are listening? Has anyone removed the daemon from the inetd.conf tcpd call? I am mainly concerned with gathering this log data as a poor-man's HIDS. Can I use syslog.conf to gather a defined local0.info level for each available service? Thanks for your help! Fred Wilmot MMS - Security Engineer 425.580.7428 fred.wilmotat_private securityat_private _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri May 16 2003 - 11:17:42 PDT