[comp.sys.apollo] Frontd: A "guard" for internet access.

wjw@ebr.eb.ele.tue.nl (Willem Jan Withagen) (01/25/91)

A friend of mine has cooked up the following for his farm of SUN's he
maintains. The package was more versatile, but I can't get the full
system to run (an illegal instruction when executing gethostbyaddress()).
But it has still proven useful in this configuration.

Willem Jan Withagen
---------------------------
File:	frontd.c
date:	23-JAN-91
author: Wietse Venema, Eindhoven University of Technology
	Modified for Apollo by Willem Jan Withagen
				(wjw@eb.ele.tue.nl)

Description:
        frontd (originally tcpd, but Apollo already has such a beasty)
        is a program that acts as a front end to network daemons (telnetd,
        rlogind etc.). Whenever a connection is made it logs the remote
        host name and then invokes the actual network daemon program.

Why?
        Some crackers make regular attempts to penetrate systems at our site.
        And once in a while a system gets 'cracked' more or less seriously.
        When network connections are logged such attempts can be detected at
        a (hopefully) early stage, so that preventive measures can be taken.

Installation:
        Create an extra directory /etc/org-daemons and move all inet daemons
        there which you want to monitor.
        For example, ftpd, telnetd, rlogind, rshd, rexecd, fingerd (the front
        end works only for connection-oriented services, not for udp-based
        ones).
        Copy the frontd to /etc and create links to it for every moved
        daemon:
            ln frontd ftpd
        Then edit your /etc/syslog.conf to make sure that *.info messages
        are being logged (or similar):
            *.info <tab>		/usr/adm/info

Eindhoven University of Technology   DomainName:  wjw@eb.ele.tue.nl    
Digital Systems Group, Room EH 10.10 BITNET: ELEBWJ@HEITUE5.BITNET
P.O. 513                             Tel: +31-40-473401
5600 MB Eindhoven                    The Netherlands
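
Added example, not part of the original post and not Wietse Venema's frontd.c: a minimal C sketch of the front-end pattern described above (log the peer, then exec the daemon that was moved to /etc/org-daemons). It assumes inetd passes the connection as descriptor 0 and that the real daemon is selected from argv[0]; the function names, the log format and the use of getnameinfo() are choices made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <libgen.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>
#define REAL_DIR "/etc/org-daemons"   /* directory from the installation notes */
#define NAMELEN  1025                 /* buffer size chosen for this sketch */

/* Map argv[0] (e.g. "/etc/ftpd") to REAL_DIR/ftpd; -1 if the name is unusable. */
int real_daemon_path(const char *argv0, char *out, size_t n)
{
    char tmp[256];
    if (argv0 == NULL || strlen(argv0) >= sizeof tmp) return -1;
    strcpy(tmp, argv0);                /* basename() may modify its argument */
    const char *base = basename(tmp);
    if (base[0] == '\0' || base[0] == '.' || base[0] == '/') return -1;
    int len = snprintf(out, n, "%s/%s", REAL_DIR, base);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Numeric address and reverse-lookup name of fd's peer; "unknown" and -1 on failure. */
int peer_names(int fd, char *addr, char *host, socklen_t n)
{
    struct sockaddr_storage ss;
    struct sockaddr *sa = (struct sockaddr *)&ss;
    socklen_t sl = sizeof ss;
    snprintf(addr, n, "unknown"); snprintf(host, n, "unknown");
    if (getpeername(fd, sa, &sl) != 0 ||
        getnameinfo(sa, sl, addr, n, NULL, 0, NI_NUMERICHOST) != 0)
        return -1;
    if (getnameinfo(sa, sl, host, n, NULL, 0, NI_NAMEREQD) != 0)
        snprintf(host, n, "%s", addr); /* no PTR record: fall back to the address */
    return 0;
}

int main(int argc, char **argv)
{
    char path[512], addr[NAMELEN], host[NAMELEN];
    openlog("frontd", LOG_PID, LOG_DAEMON);
    if (real_daemon_path(argv[0], path, sizeof path) != 0) return 1;
    peer_names(0, addr, host, NAMELEN);      /* inetd hands over the socket as fd 0 */
    syslog(LOG_INFO, "%s: connect from %s [%s]", path, host, addr);
    execv(path, argv);                       /* become the real daemon */
    syslog(LOG_ERR, "execv %s: %m", path);
    return 1;
}
```

The sketch logs the numeric address next to the host name because the name comes from a reverse DNS zone that the connecting side may control.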