Operating System - HP-UX

logging tcp connection problem: tcpwrappers and syslog

 
E. Meng Tan
Occasional Contributor

HELP!!

I can't get syslogd to log tcp connections (tried syslog various defined facilities and severity levels without any luck) after putting tcpwrappers in place.

Looks like the telnet daemon that comes with HP does not allow socket logging. I am able to get it working on IBM AIX, Linux and Sun Solaris, however.

I am forced to rely on email alerts for intrusion detection but would like to log it using syslog.

Any help would be appreciated. HP will not oblige on this as they do not support third-party products like tcpwrappers!! or provide a better/alternative telnet daemon.

Thanks

Jesper Sivertsen
Frequent Advisor

Re: logging tcp connection problem: tcpwrappers and syslog

Hi there
If you want to log telnet and ftp connections, you can give inetd the option "-l".
All connections are made through inetd, and you should change the setting in /etc/rc.config.d/netdaemons INETD_OPTIONS, if I remember right.
All in unix is files
Rita C Workman
Honored Contributor

Re: logging tcp connection problem: tcpwrappers and syslog

If what you're trying to do is include the ftp and telnet logins in your syslog -
You can try doing the following:

Edit /etc/rc.config.d/netdaemons and turn ON inetd with a "-l" for logging.
Edit /etc/inetd.conf and put a '-l' at the end of the ftp and telnet line to enable logging.

Now stop inetd by doing a ps -ef | grep inetd and killing the process.
Now restart inetd: /usr/sbin/inetd -c

This will put the ftp and telnet logins into your syslog. The downside is that every 2 minutes you will also get added to syslog the registrar/tcp entry (..and 'No' you can't the timing factor on this..). The only way I found so far is to grep your syslog and remove this annoying little line periodically with a quick script.

Hope this helps,
E. Meng Tan
Occasional Contributor

Re: logging tcp connection problem: tcpwrappers and syslog

Thanks for the recommendations. But none of them work. It seems that having tcpwrappers in inetd.conf somehow disables that logging functionality. I am able to get it working if I do not use tcpwrappers (tcpd).

HELP!!!!!

Rita C Workman
Honored Contributor

Re: logging tcp connection problem: tcpwrappers and syslog

Well, I'm not familiar with tcpwrappers... I did a search and found that this has to do with Linux.
Normally, to enable telnet/ftp login/out info in syslog you would simply execute the commands provided earlier.

I did however, find this url, it may give you some insight into your problem...hope it helps,

http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0xfd4568c57f64d4118fee0090279cd0f9,00.html
Ralf Hildebrandt
Valued Contributor

Re: logging tcp connection problem: tcpwrappers and syslog

I rather guess your /etc/syslog.conf is not proper.
What does it look like? Perhaps not all facilities and/or severities are logged!

tcpwrappers does NOT alter the logging that
HP's inetd provides -- inetd calls tcpd which THEN calls telnetd et al. if the restrictions in /etc/hosts.allow or .deny match
Postfix/BIND/Security/IDS/Scanner, you name it...
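
The last reply's suggestion to check /etc/syslog.conf can be done mechanically. The following is an added example, not code from the thread or from HP: it reports which syslog.conf actions receive a message of a given facility and severity. It assumes classic BSD selector syntax, a constructed sample configuration, and that tcpd logs as mail.info (the facility and severity are fixed at build time; LOG_MAIL and LOG_INFO are the stock tcp_wrappers Makefile defaults).

```python
# Added example (not from the thread): list the syslog.conf actions that
# receive a message of a given facility and severity.
# Classic BSD selector syntax only: fac[,fac].level[;...], "*" and "none".
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample configuration, not copied from any real host.
SAMPLE_CONF = """\
# selector<TAB>action
mail.debug\t\t/var/adm/syslog/mail.log
*.info;mail.none\t/var/adm/syslog/syslog.log
*.alert\t\t\t/dev/console
"""

def selector_matches(selector, facility, severity):
    """True if the ';'-separated selector field selects the message.
    A later part naming the facility overrides an earlier one."""
    matched = False
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        names = facs.split(",")
        if facility not in names and "*" not in names:
            continue
        if level == "*":
            matched = True
        elif level in LEVELS:  # selects this level and anything more severe
            matched = LEVELS.index(severity) <= LEVELS.index(level)
        else:                  # "none" or an unknown level: not selected
            matched = False
    return matched

def destinations(conf_text, facility, severity):
    """Return the actions of every rule that would receive the message."""
    hits = []
    for line in conf_text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        if selector_matches(fields[0], facility, severity):
            hits.append(fields[1].strip())
    return hits

if __name__ == "__main__":
    # Assumed tcpd build settings: facility mail, severity info.
    print(destinations(SAMPLE_CONF, "mail", "info"))
```

With the sample rules, a mail.info message lands only in the mail log, so wrapper entries would be absent from the main syslog file even though logging works.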