From owner-freebsd-questions Sat Jul 24 7:52:11 1999 Delivered-To: freebsd-questions@freebsd.org Received: from ns.clientlogic.com (ns.clientlogic.com [207.51.66.75]) by hub.freebsd.org (Postfix) with ESMTP id 9267614D4B for ; Sat, 24 Jul 1999 07:52:08 -0700 (PDT) (envelope-from ChrisMic@clientlogic.com) Received: by site0s1 with Internet Mail Service (5.5.2448.0) id ; Sat, 24 Jul 1999 10:49:38 -0400 Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105AD3@site2s1> From: Christopher Michaels To: "'eric@thepublic.net'" , questions@FreeBSD.ORG Subject: RE: security: ident lookups logging - howto? Date: Sat, 24 Jul 1999 10:51:48 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I think you're a bit confused (or maybe I am). Enabling identd in your inetd.conf allows your machine to RESPOND to ident requests from other machines. I does not cause inetd.conf to initiate ident requests for each connection to it. -Chris > -----Original Message----- > From: eric@thepublic.net [SMTP:eric@thepublic.net] > Sent: Friday, July 16, 1999 11:59 AM > To: questions@FreeBSD.ORG > Subject: security: ident lookups logging - howto? > > I found the article below in the mailing archives. I applied it and now > inetd logs generic info the correct file, but no ident information. > > I want to be able to log idents from all connections in inetd. In a > separate file if possible. > > I have edited the inetd.conf to have for the line of identd: > ident stream tcp wait kmem:kmem /usr/local/sbin/identd > identd -w -t120 -l > > I also tried it without the -l. Everytime killing the inetd and > restarting > it. Restarting inetd with the -l option as well ('inetd -l'). > > It now logs to /var/log/inetd.conf, but only with the following > information: > Jul 16 09:42:56 box1 inetd[59350]: telnet from 127.0.0.1 > Jul 16 09:42:56 box1 inetd[59383]: connection from localhost, service > telnet (tcp) > > There is no ident information here. Can anyone help please? > > I tried a few things like editting the syslog.conf to have a line like: > > !identd > *.* /var/log/identd.log > > ..without success. > > I also want to run identd the most efficantly. In inetd or with > tcpserver? > > > Thanks in advance, > Eric > > eric@thepublic.net > > > > > > ------------ > > Chris Martino wrote: > > I was able to do something similar using inetd. For example, when > someone tries to login/ftp to my box I get the following in the console: > > Jun 9 10:54:44 stupid inetd[16073]: telnet from 207.207.192.8 > Jun 9 10:54:49 stupid login: login from solar.eclipse.net on ttyp4 as > chris > > That output is also written to /var/log/inetd.log. > > Here is how to get that to happen on your system (In other words, here's > what I did): > > edit your /etc/rc.conf to include flags for inetd. Just put in a -l in > the quotes. > > Now edit the /etc/syslog.conf file. This is what I added, and it seems to > be working so far: > > !inetd > *.* /dev/console > *.* /var/log/inetd.log > > After you get this done, you can either reboot the machine, or kill inetd > and manually start it with the -l flag. > > I think that is all that I did, if it doesn't work I can prolly hunt down > what I missed. > > Chris > -- > > Chris Martino > chrismar@readington.com > > On Tue, 9 Jun 1998 mharo@dobalee.fremont.ca.us wrote: > > > Hi, I was wondering if FreeBSD had some way of checking the remote > > connection for ident info. > > > > We have a non-freebsd box at work which logs stuff like... > > > > Jun 9 00:59:46 mybox tcplog: telnet connection attempt from > xx.xxx.xx.xxx > > > > and > > > > Jun 9 00:59:46 mybox in.telnetd[4975]: connect from user@anotherbox > > > > I assume this last one is done with inetd. What does the -l flag to > inetd > > do? > > > > How can I make freebsd do either or both of these? > > > > Thanks, > > Michael > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message