Re: [logs] TCPwrappers logging without serving

From: John Meyers (john.meyersat_private)
Date: Thu Jun 12 2003 - 05:37:02 PDT

    On Thu, 15 May 2003, Wilmot, Fred wrote:
    
    > Hi all,
    > I have an enterprise-wide existing implementation of custom-compiled TCP wrappers,
    > implemented on Solaris 7-8 systems.  The current configuration wraps all
    > the services default in inetd.conf and logs all these connection
    > attempts as specified in the host.allow file with explicit deny at the end.
    > All these services listen and invalidate my network auditing of the
    > system.  Is there a way to use tcpwrappers to log all attempts to
    > inetd.conf services without appearing as though these services are
    > listening?  Has anyone removed the daemon from the inetd.conf tcpd call?
    > I am mainly concerned with gathering this log data as a poor-man's HIDS.
    > Can I use syslog.conf to gather a defined local0.info level for each
    > available service?  Thanks for your help!
    
     If you need this level of logging, I would probably look at installing
     SunScreen Lite which is free from Sun.  This package will do complete
     connection logging, not to mention filtering.  You could pretty much do
     away with tcp wrappers at that point.
    
     John
    
    
    --
     John Meyers
     Computing Services
     Wright State University
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    


