HPE Community
Operating System - HP-UX
1847858 Members
2174 Online
104021 Solutions
New Discussion

ftpusers

 
SOLVED
Go to solution
lastgreatone
Regular Advisor

‎05-07-2001 11:56 AM

‎05-07-2001 11:56 AM

ftpusers

I would like to monitor closely ftp useage on the internet server. With anonymous ftp you see ip addresses. But with local users who have local accounts also use ftp clients (ie DreamWeaver). Because ftpd accesses local
accounts without using their login shells, I have no way of knowing who is making the connection. I just get Ftp session open, ftp session closed. If I understand correctly, if I add the users names in /etc/ftpusers, this will lock them out, which I don't want. Any workarounds that anyone may know of?



0 Kudos
Reply
3 REPLIES 3
James R. Ferguson
Acclaimed Contributor

‎05-07-2001 12:10 PM

‎05-07-2001 12:10 PM

Solution

Re: ftpusers

Hi Francoise:

You can increase the amount of information logged by adding the '-l' and '-v' options to the 'ftpd' daemon as startd by 'inetd'.

Add these flags to /etc/inetd.conf as:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -v

...and restart 'inetd' as:

# /usr/sbin/inetd -c

...JRF...
Reply
Shannon Petry
Honored Contributor

‎05-10-2001 09:35 AM

‎05-10-2001 09:35 AM

Re: ftpusers

Even without the -l -v added to inetd.conf, you can always look into /var/adm/syslog/syslog.log.

syslog will show you who connected, failed login attempts, put/get commands and log out commands.

Simply
# grep FTPD /var/adm/syslog/syslog.log >> myfile.txt

then scan myfile.txt for users....

Regards,
Shannon
Microsoft. When do you want a virus today?
Reply
lastgreatone
Regular Advisor

‎05-10-2001 10:22 AM

‎05-10-2001 10:22 AM

Re: ftpusers

No I don't get all information, since this is a web server and internet users connect as anonymous users to upload and local users use third party ftp clients, for editing, ie Dreamweaver. At the time I logged this message, that internet server for some reason just locked up on me from a remote administration location, so I went to the server room and even logging in at the console it took over a minute for the screen to pop up, this was a first for me and all I could see in the syslog was the usual anonymous ftp connections. Telecom people noted some socket errors but could not pinpoint the source. Maybe the ethernet card is showing signs of potential failure...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.