Wilmot, Fred wrote:

> Hi all,
>
> I have an enterprise-wide existing implementation of custom-compiled TCP wrappers, implemented on Solaris 7-8 systems. The current configuration wraps all the services default in inetd.conf and logs all these connection attempts as specified in the host.allow file with explicit deny at the end. All these services listen and invalidate my network auditing of the system. Is there a way to use tcpwrappers to log all attempts to inetd.conf services without appearing as though these services are listening? Has anyone removed the daemon from the inetd.conf tcpd call? I am mainly concerned with gathering this log data as a poor-man's HIDS. Can I use syslog.conf to gather a defined local0.info level for each available service? Thanks for your help!

Gah - word wrapping please!

Anyway - tcpwrappers is not the right solution - you need to enable packet filtering - and just log disallowed connections - or block them as well - your call.

I'm assuming Solaris does packet filtering these days - it's been a long time since I handled one ;-)

Jason

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon May 19 2003 - 19:07:32 PDT