SUMMARY: Anonymous ftp logs

From: Tom Linden (tom@kednos.com)
Date: Mon Sep 08 2003 - 13:14:18 EDT


Thanks to

Joseph.Senulis
We use tcpwrappers ftp://ftp.porcupine.org/pub/security/index.html and
http://www.cert.org/security-improvement/implementations/i041.07.html to log
this sort of thing. Also, do a man ftpd and look at the -l option. T64 5.1
has this, but we don't use it at this time. I don't know about 4.0d.
--Joe

Hugh.Pritchard
Try this, which I use to log activity of my ftp daemon (*not* of people
using the ftp client, unfortunately): In /etc/inetd.conf, find the ftp
line, and modify the last field to

ftp stream tcp nowait root /usr/sbin/ftpd ftpd -l -t 1800

This tells ftpd to log activity (-l) and to time out after 1/2 an hour of
inactivity (-t 1800).
Send a hangup to inetd to tell it to look at configuration again.
Hugh

Lawrie
I think what you need to do is to add a "-l" after the ftpd
in the /etc/inetd.conf file. This turns on ftp logging to the
/var/adm/syslog.dated/current/daemon.log file.

This line in my file looks like:

ftp stream tcp nowait root /usr/sbin/tcpd ftpd -l

The difference here, /usr/sbin/tcpd, is because we use tcpwrappers for extra
security but the same applies either way.

Lucio Chiappetti
Assuming you are using the ftpd daemon which comes with the system and not
WU ftpd or any other ...

Edit /etc/inetd.conf as follows

ftp stream tcp nowait root /usr/sbin/ftpd ftpd -l

i.e. add -l to the last field (see man ftpd). This will enable logging.

The logs will be (by date) in /var/adm/syslog.dated/*/daemon.log

I have this enabled and a daily crontab which reformats it into an html
page which I check every day.

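A way to check an inetd.conf for the setting the replies above describe, as an added example that is not code from any of the respondents. The function name ftpd_logging_status is hypothetical, the sample file is constructed around one of the ftp lines quoted above, and the field layout assumed is the standard inetd.conf one (service, socket type, protocol, wait flag, user, server path, then argv).

```shell
#!/bin/sh
# Audit an inetd.conf for ftpd logging. For each active (uncommented) ftp
# entry, print:  logging=on|off wrapper=tcpd|none timeout=<secs>|default
# Print "no-ftp-entry" when no active ftp service line exists.
ftpd_logging_status() {
    awk '
        /^[ \t]*#/ || NF < 7 { next }     # skip comments and short/blank lines
        $1 != "ftp"          { next }     # only the ftp service entry
        {
            found = 1
            logging = "off"; timeout = "default"
            # tcpwrappers setups run tcpd as the server program
            wrapper = ($6 ~ /\/tcpd$/) ? "tcpd" : "none"
            # Field 7 is argv[0] (ftpd); its options start at field 8.
            for (i = 8; i <= NF; i++) {
                if ($i == "-t" && i < NF) { timeout = $(i + 1); i++ }
                # -l alone, or inside a getopt-style cluster such as -dl
                else if ($i ~ /^-[A-Za-z]*l[A-Za-z]*$/) logging = "on"
            }
            print "logging=" logging, "wrapper=" wrapper, "timeout=" timeout
        }
        END { if (!found) print "no-ftp-entry" }
    ' "$1"
}

# Constructed sample file: a disabled entry, an unrelated service, and the
# ftp line from the second reply.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample inetd.conf
#ftp stream tcp nowait root /usr/sbin/ftpd ftpd
telnet stream tcp nowait root /usr/sbin/telnetd telnetd
ftp stream tcp nowait root /usr/sbin/ftpd ftpd -l -t 1800
EOF
ftpd_logging_status "$sample"
rm -f "$sample"
```

Run it against /etc/inetd.conf before and after the edit; a result of logging=off or no-ftp-entry means ftpd sessions are not being written to daemon.log.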


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:35 EDT