In Solaris (all versions) and SunOS 4.1.4, inetd has a flag "-t" that logs the client IP address and port number to syslog. That is one of the best ways of logging (a la tcpwrappers) without installing any new software. Just change /etc/init.d/inetsvc to have inetd start with the "-t" flag and you are all set.

[For services you don't want running but do want to log, try replacing the daemon line with /bin/false. WARNING: I have not tried this trick]

Ashish Desai
Fidelity Investments

>-----Original Message-----
>From: Wilmot, Fred [mailto:fred.wilmotat_private]
>Sent: Monday, May 19, 2003 2:12 PM
>To: Mike Blomgren; loganalysisat_private
>Cc: Wilmot, Fred
>Subject: RE: [logs] TCPwrappers logging without serving
>
>
>Great comments. Thank you for the input on various packages available
>to support a poor man's intrusion detection tool.
>Unfortunately, I have
>a design task to figure out how to use TCP Wrappers to do such a thing,
>or find some other process without installing new packages or
>processes.
>Wietse doesn't find any problem with wrapping all services and leaving
>them running since tcpd doesn't actually pass any information until the
>handshake is complete. Also, wrappers was designed to deny all access

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
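
Added example, not part of the original message or of any Solaris tooling: one way to turn the syslog records that "inetd -t" produces into a simple per-source report, in the spirit of the "poor man's intrusion detection" the thread discusses. The record layout matched by the regex, the set of tripwire services, and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape for "inetd -t" trace records (daemon.notice); the
# "[ID ...]" tag is optional because not every syslogd adds message IDs.
TRACE = re.compile(
    r"inetd\[\d+\]: (?:\[ID [^\]]*\] )?"
    r"(?P<service>[\w-]+)\[\d+\] from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<port>\d{1,5})\s*$"
)

# Hypothetical site policy: services kept in inetd.conf only as log tripwires.
TRIPWIRE_SERVICES = {"telnet", "shell", "login"}

# Constructed sample syslog lines (not captured from a real host).
SAMPLE = """\
May 19 14:02:11 sol1 inetd[170]: [ID 317013 daemon.notice] ftp[2101] from 192.0.2.10 40112
May 19 14:02:15 sol1 inetd[170]: [ID 317013 daemon.notice] telnet[2102] from 198.51.100.7 51533
May 19 14:02:16 sol1 inetd[170]: [ID 317013 daemon.notice] shell[2103] from 198.51.100.7 51534
May 19 14:02:16 sol1 sendmail[811]: unrelated line that must be ignored
May 19 14:02:17 sol1 inetd[170]: login[2104] from 198.51.100.7 51535
May 19 14:03:40 sol1 inetd[170]: [ID 317013 daemon.notice] ftp[2110] from 192.0.2.10 40120
"""

def parse_trace(lines):
    """Yield (service, ip, port) for every inetd trace record; skip the rest."""
    for line in lines:
        m = TRACE.search(line)
        if m and all(int(octet) <= 255 for octet in m["ip"].split(".")):
            yield m["service"], m["ip"], int(m["port"])

def summarize(lines, scan_threshold=3):
    """Return (tripwire hits per source, sources that touched many services)."""
    tripwire = Counter()
    services_by_ip = {}
    for service, ip, _port in parse_trace(lines):
        services_by_ip.setdefault(ip, set()).add(service)
        if service in TRIPWIRE_SERVICES:
            tripwire[ip] += 1
    sweepers = sorted(ip for ip, seen in services_by_ip.items()
                      if len(seen) >= scan_threshold)
    return dict(tripwire), sweepers

if __name__ == "__main__":
    hits, sweepers = summarize(SAMPLE.splitlines())
    print("tripwire hits:", hits)
    print("multi-service sources:", sweepers)
```
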
This archive was generated by hypermail 2b30 : Tue May 20 2003 - 10:37:34 PDT