koreth@ssyx.ucsc.edu (Steven Grimm) (01/07/89)
We run an anonymous FTP service on ssyx.ucsc.edu, and we like to know
which files are being transfered and by whom. To keep track of this
information, I have made the following additions to the in.ftpd source
(these are for SunOS 4.0; the patches are easy to adapt to other versions
of the OS). Files modified are ftpcmd.y, ftpd.c, and ftpd.8c (the manual
page). This patch is also useful for system security purposes, as it logs
all ftp sessions; if an intruder is transferring files from your site, the
transfers will show up in the logfile.
---
Steven Grimm Moderator, comp.{sources,binaries}.atari.st
koreth@ssyx.ucsc.edu uunet!ucbvax!ucscc!ssyx!koreth
University of California, Santa Cruz; Social Sciences Division
[[ The patch has been placed in the archives under "sun-source" as
"ftp.logging.patch". It is 7191 bytes long. It can be retrieved via
anonymous FTP from the host "titan.rice.edu" or via the archive server.
For more information about the archive server, send a mail message
containing the word "help" to the address "archive-server@rice.edu".
--wnl ]]cyrus@pprg.unm.edu (Tait Cyrus) (01/14/89)
>The patch has been placed in the archives under "sun-source" as >"ftp.logging.patch".... Really??? Not when I looked (Jan 9, 1989 around 15:30 MST). When will they be made available? Thanks ++Tait cyrus@pprg.unm.edu [[ There was a slight delay in placing that file and the gnuchesstool.patch files in the archives. My apologies: they are both there now. --wnl ]]
cyrus@pprg.unm.edu (Tait Cyrus) (01/16/89)
koreth@ssyx.ucsc.edu (Steven Grimm) writes: >We run an anonymous FTP service on ssyx.ucsc.edu, and we like to know >which files are being transfered and by whom. To keep track of this >information, I have made the following additions to the in.ftpd source Looking at these patches, I can't see how they work for anonymous ftp (they appear to work for regular users). The only way I can see these patches working with anonymous ftp is iff the anonymous ftp directory is /. The reason I make this statement is because the log file is opened before the chroot. After the chroot, you can no longer access the file. I wanted to do the same thing (with the BSD 4.3 src posted a while back) and ran into this problem under SunOS 4.0 on my Sun 3/160. The way I solved this problem was to open the log file AFTER the chroot, though I don't log what "regular" users do. If I am overlooking something, I would appreciate someone telling me because my "method" is a real hack, though it gets the job done very well. W. Tait Cyrus (505) 277-0806 e-mail: cyrus@pprg.unm.edu University of New Mexico Dept of ECE - Parallel Processing Research Group Albuquerque, New Mexico 87131 [[ I want to provide an explanation here, but it would probably just be wrong. --wnl ]]
koreth@ssyx.ucsc.edu (Steven Grimm) (01/28/89)
>Looking at these patches, I can't see how they work for anonymous ftp >(they appear to work for regular users). The only way I can see these >patches working with anonymous ftp is iff the anonymous ftp directory is >/. The reason I make this statement is because the log file is opened >before the chroot. After the chroot, you can no longer access the file. Not true. Once a file is open, it doesn't matter where it is on the directory tree. The filesystem already has a dev/inode pair for the file, and it doesn't matter WHERE in the directory tree that pair is. As evidence, I offer the fact that my ftp logging patches work, and have been working for quite a while now. [[ The chroot-ed environment only matters when a file is opened. Once you have an open file descriptor, any amount of chroot-ing isn't going to affect it. --wnl ]]