Okay, let's try asking the "real" question. I'm working on a document
about Web server monitoring. One of the sections is on recording
unauthorized network connections. I've got portsentry documented, and
someone's working on snort -- takers for tcp-wrappers configs would be
fabulous -- but I'd also like to add a bit on using the "-t" flag to inetd
on Solaris.
According to the man pages:
-t Instructs inetd to trace the incoming connections for
all of its TCP services. It does this by logging the
client's IP address and TCP port number, along with
the name of the service, using the syslog(3C) facility.
UDP services can not be traced. When tracing is
enabled, inetd uses the syslog facility code ``daemon''
and ``notice'' priority level.
I have killed the old inetd process and restarted it thusly:
inetd -s -t &
(following the guidance of /etc/init.d/inetsvc).
But I don't seem to be seeing any data in my logs, even after nmapping the
system.
Any ideas? Anyone using it?
thanks for any info -- tbird
--
It doesn't have to be our fault to be our responsibility.
-- Paul Robertson
http://www.precision-guesswork.com
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
tbird's Security Alerts http://securecomputing.stanford.edu/alert.html
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Feb 20 2004 - 10:40:40 PST
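Two things worth checking before concluding that inetd -t is broken, added here as an example and not part of the original post: that syslog.conf actually routes daemon.notice somewhere (a stock Solaris syslog.conf normally carries daemon.notice on its /var/adm/messages line, a trimmed one may not), and that the test connections complete the TCP handshake, since inetd only logs connections it accepts and a half-open SYN scan never reaches it. The Python below parses a syslog.conf and reports where daemon.notice would land; the selector semantics follow syslog.conf(4), and the sample configuration is constructed rather than copied from any system.

```python
import re

# syslog priorities, least to most severe; a selector level such as
# "daemon.notice" matches that level and every more-severe one.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def _rank(level):
    level = "debug" if level == "*" else ALIASES.get(level, level)
    if level not in LEVELS:
        raise ValueError("unknown syslog level: %s" % level)
    return LEVELS.index(level)

def selector_matches(selector, facility, level):
    """True if a 'fac.lev;fac,fac.lev' selector routes (facility, level)."""
    wanted = _rank(level)
    matched = False
    for part in selector.split(";"):
        facs, _, lev = part.strip().rpartition(".")
        facs = [f.strip() for f in facs.split(",")]
        if facility not in facs and "*" not in facs:
            continue
        if lev == "none":
            matched = False  # fac.none excludes the facility from this line
        elif wanted >= _rank(lev):
            matched = True
    return matched

def actions_for(conf_text, facility, level):
    """Actions (files, users, @hosts) that receive facility.level messages."""
    actions = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = re.split(r"\s+", line, maxsplit=1)  # Solaris wants a TAB here
        if len(fields) == 2 and selector_matches(fields[0], facility, level):
            actions.append(fields[1])
    return actions

def inetd_trace_destinations(conf_text):
    """Where 'inetd -t' trace lines (daemon.notice) end up, if anywhere."""
    return actions_for(conf_text, "daemon", "notice")

# Constructed sample resembling a stock Solaris syslog.conf (not a real file).
STOCK_CONF = "*.err;kern.notice;auth.notice\t\t/dev/sysmsg\n" \
             "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n" \
             "*.alert;kern.err;daemon.err\t\t\toperator\n" \
             "*.alert\t\t\t\t\troot\n*.emerg\t\t\t\t\t*\n"
# Same file with daemon.notice removed: inetd -t output silently vanishes.
TRIMMED_CONF = STOCK_CONF.replace(";daemon.notice", "")
```

Run `inetd_trace_destinations(open("/etc/syslog.conf").read())` on the host in question; an empty list means no file or host will ever receive the trace lines, whatever flags inetd was started with.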