wjw@ebr.eb.ele.tue.nl (Willem Jan Withagen) (01/25/91)
A friend of mine has cooked up the following for his farm of SUN's he maintains.
The package was more versatile, but I can't get the full system to run
(an illegal instruction when executing gethostbyaddress()).
But it has still proven useful in this configuration.

Willem Jan Withagen

---------------------------

File:    frontd.c
date:    23-JAN-91
author:  Wietse Venema, Eindhoven University of Technology
         Modified for Apollo by Willem Jan Withagen (wjw@eb.ele.tue.nl)

Description:

frontd (original tcpd, but Apollo has already such a beasty) is a program
that acts as a front end to network daemons (telnetd, rlogind etc.). Whenever
a connection is made it logs the remote host name and then invokes the actual
network daemon program.

Why?

Some crackers make regular attempts to penetrate systems at our site. And
once in a while a system gets 'cracked' more or less seriously. When network
connections are logged such attempts can be detected at a (hopefully) early
stage, so that preventive measures can be taken.

Installation:

Create an extra directory /etc/org-daemons and move all inet daemons there
which you want to monitor. For example, ftpd, telnetd, rlogind, rshd,
rexecd, fingerd (the front end works only for connection-oriented services,
not for udp-based ones).

Copy the frontd to /etc and create links to it for every moved daemon:

    ln frontd ftpd

Then edit your /etc/syslog.conf to make sure that *.info messages are being
logged: (oid.)

    *.info <tab> /usr/adm/info

Eindhoven University of Technology     DomainName: wjw@eb.ele.tue.nl
Digital Systems Group, Room EH 10.10   BITNET:     ELEBWJ@HEITUE5.BITNET
P.O. 513                               Tel:        +31-40-473401
5600 MB Eindhoven
The Netherlands