From: mike@sentex.net (Mike Tancsa)
To: anthony@sohopros.com
Cc: questions@FreeBSD.ORG
Subject: Re: monitoring logins?
Date: Thu, 23 Apr 1998 00:13:30 GMT

On Tue, 21 Apr 1998 22:28:46 -0500, in sentex.lists.freebsd.questions you wrote:

>What is the best way to monitor who is logging into my system?
>One of my users has been telnetting to my system from a
>university and is concerned that some students may be using
>packet sniffers. I have tcp wrappers installed so I should
>be somewhat protected, right?

tcp_wrappers allows for a nice way to restrict access and also enforce things like hostname to address matches. If the user is logging in from a workstation, get them to install an SSH client on their end, and install sshd on your end to provide point to point encryption.

In general, if your system is such that your users will come in from known sources, deny access to all, and grant access to specific hosts/locations. You can do this through tcp_wrappers.

Also, keep an eye on your logs for any unusual patterns, e.g. if user X always logs in from site.somewhere.com, and all of a sudden starts logging in from some AOL dialup account....

---Mike
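
The log check suggested in the reply above, as an added example that is not part of the original message: it builds a per-user baseline of source sites from login records and flags a login from a site that user has never used before. It assumes last(1)-style lines in chronological order with user, tty and remote host as the first three fields; the sample records, the function names and the `min_history` threshold are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def site_of(host):
    """Reduce a remote host to a coarse 'site' key (assumed heuristic)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: keep the last two labels (naive; wrong for e.g. co.uk).
        return ".".join(host.lower().rstrip(".").split(".")[-2:])
    prefix = 24 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{host}/{prefix}", strict=False))

def unusual_logins(lines, min_history=3):
    """Return (user, host, known_sites) for logins from a never-seen site."""
    seen = defaultdict(set)    # user -> sites seen so far
    count = defaultdict(int)   # user -> remote logins seen so far
    alerts = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        user, _tty, host = fields[:3]
        # Console logins have no host column; the third field is then a
        # date token such as "Wed", which has neither "." nor ":".
        if "." not in host and ":" not in host:
            continue
        site = site_of(host)
        # Only alert once the user has enough history to form a baseline.
        if count[user] >= min_history and site not in seen[user]:
            alerts.append((user, host, sorted(seen[user])))
        seen[user].add(site)
        count[user] += 1
    return alerts

# Constructed sample records, oldest first.
SAMPLE = """\
userx ttyp0 site.somewhere.com Mon Apr 20 09:02
userx ttyp1 site.somewhere.com Mon Apr 20 14:40
usery ttyp2 192.0.2.17 Tue Apr 21 08:15
userx ttyp0 lab3.site.somewhere.com Tue Apr 21 09:05
userx ttyp0 dialup-17.isp.example Wed Apr 22 03:12
usery ttyv0 Wed Apr 22 10:00
""".splitlines()

if __name__ == "__main__":
    for user, host, known in unusual_logins(SAMPLE):
        print(f"{user}: new source {host} (previously seen: {', '.join(known)})")
```
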