Date: Sat, 24 Jul 1999 10:51:48 -0400
From: Christopher Michaels <ChrisMic@clientlogic.com>
To: "'eric@thepublic.net'" <eric@thepublic.net>, questions@FreeBSD.ORG
Subject: RE: security: ident lookups logging - howto?
Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105AD3@site2s1>

I think you're a bit confused (or maybe I am). Enabling identd in your
inetd.conf allows your machine to RESPOND to ident requests from other
machines. It does not cause inetd.conf to initiate ident requests for each
connection to it.
-Chris
> -----Original Message-----
> From: eric@thepublic.net [SMTP:eric@thepublic.net]
> Sent: Friday, July 16, 1999 11:59 AM
> To: questions@FreeBSD.ORG
> Subject: security: ident lookups logging - howto?
>
> I found the article below in the mailing archives. I applied it and now
> inetd logs generic info to the correct file, but no ident information.
>
> I want to be able to log idents from all connections in inetd. In a
> separate file if possible.
>
> I have edited the inetd.conf to have for the line of identd:
> ident stream tcp wait kmem:kmem /usr/local/sbin/identd
> identd -w -t120 -l
>
> I also tried it without the -l. Every time killing the inetd and
> restarting
> it. Restarting inetd with the -l option as well ('inetd -l').
>
> It now logs to /var/log/inetd.conf, but only with the following
> information:
> Jul 16 09:42:56 box1 inetd[59350]: telnet from 127.0.0.1
> Jul 16 09:42:56 box1 inetd[59383]: connection from localhost, service
> telnet (tcp)
>
> There is no ident information here. Can anyone help please?
>
> I tried a few things like editing the syslog.conf to have a line like:
>
> !identd
> *.* /var/log/identd.log
>
> ..without success.
>
> I also want to run identd the most efficiently. In inetd or with
> tcpserver?
>
>
> Thanks in advance,
> Eric
>
> eric@thepublic.net
>
> ------------
>
> Chris Martino <chrismar@peanut.readington.com> wrote:
>
> I was able to do something similar using inetd. For example, when
> someone tries to login/ftp to my box I get the following in the console:
>
> Jun 9 10:54:44 stupid inetd[16073]: telnet from 207.207.192.8
> Jun 9 10:54:49 stupid login: login from solar.eclipse.net on ttyp4 as
> chris
>
> That output is also written to /var/log/inetd.log.
>
> Here is how to get that to happen on your system (In other words, here's
> what I did):
>
> Edit your /etc/rc.conf to include flags for inetd. Just put in a -l in
> the quotes.
>
> Now edit the /etc/syslog.conf file. This is what I added, and it seems to
> be working so far:
>
> !inetd
> *.* /dev/console
> *.* /var/log/inetd.log
>
> After you get this done, you can either reboot the machine, or kill inetd
> and manually start it with the -l flag.
>
> I think that is all that I did, if it doesn't work I can prolly hunt down
> what I missed.
>
> Chris
> --
>
> Chris Martino
> chrismar@readington.com
>
> On Tue, 9 Jun 1998 mharo@dobalee.fremont.ca.us wrote:
>
> > Hi, I was wondering if FreeBSD had some way of checking the remote
> > connection for ident info.
> >
> > We have a non-freebsd box at work which logs stuff like...
> >
> > Jun 9 00:59:46 mybox tcplog: telnet connection attempt from
> xx.xxx.xx.xxx
> >
> > and
> >
> > Jun 9 00:59:46 mybox in.telnetd[4975]: connect from user@anotherbox
> >
> > I assume this last one is done with inetd. What does the -l flag to
> inetd
> > do?
> >
> > How can I make freebsd do either or both of these?
> >
> > Thanks,
> > Michael
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
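The distinction drawn in the reply above, shown as an added example that is not part of the original thread: to log ident data, the logging host itself must act as an RFC 1413 client and connect out to port 113 on the peer. The function names, the timeout, and the sample ports and user name are assumptions made for illustration.

```python
import re
import socket

IDENT_PORT = 113  # RFC 1413 service port on the remote host

_REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")


def build_query(remote_port, local_port):
    # The port on the host running identd (the remote peer) goes first,
    # then the port on the querying (logging) host.
    return f"{remote_port} , {local_port}\r\n".encode("ascii")


def _clean(text):
    # The reply is chosen by the remote host: drop surrounding whitespace
    # (a simplification) and mask control characters before it reaches a log.
    return "".join(c if c.isprintable() else "?" for c in text.strip())


def parse_reply(line, remote_port, local_port):
    """Return ("USERID", user) or ("ERROR", reason); ValueError if malformed."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m or (int(m.group(1)), int(m.group(2))) != (remote_port, local_port):
        raise ValueError("malformed or mismatched ident reply")
    kind, rest = m.group(3), m.group(4)
    if kind == "ERROR":
        return kind, _clean(rest)
    # USERID payload is "<opsys>[,<charset>] : <user-id>".
    _opsys, sep, user = rest.partition(":")
    if not sep:
        raise ValueError("USERID reply without a user id")
    return kind, _clean(user)


def ident_lookup(remote_ip, remote_port, local_port, timeout=5.0,
                 ident_port=IDENT_PORT):
    """Connect OUT to the peer's ident service and ask who owns the connection."""
    with socket.create_connection((remote_ip, ident_port), timeout=timeout) as s, \
            s.makefile("rb") as f:
        s.sendall(build_query(remote_port, local_port))
        line = f.readline(1024).decode("ascii", "replace")
    return parse_reply(line, remote_port, local_port)


if __name__ == "__main__":
    # Constructed sample reply for a telnet connection from remote port 6191.
    print(parse_reply("6191 , 23 : USERID : UNIX : eric\r\n", 6191, 23))
```

The returned name is only what the remote host chooses to report, so it belongs in logs as a hint rather than as an authenticated identity.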
