Dan Karron@UCBVAX.BERKELEY.EDU (12/04/90)
How can I log what anonymous users are doing on my anon ftp account ? I would like to keep stats on what people are taking (to justify the popularity of my junk for my boss). Cheers! dan. +-----------------------------------------------------------------------------+ | karron@nyu.edu (E-mail alias that will always find me) | | Fax: 212 340 7190 * Dan Karron, Research Associate | | . . . . . . . . . . . . . . * New York University Medical Center | | 560 First Avenue \*\ Pager <1> (212) 397 9330 | | New York, New York 10016 \**\ <2> 10896 <3> <your-number-here> | | (212) 340 5210 \***\_________________________________________ | | Main machine: karron.med.nyu.edu (128.122.135.3) IRIS 85GT | +-----------------------------------------------------------------------------+
Dan Karron@UCBVAX.BERKELEY.EDU (12/04/90)
Thanks for your reply. I have the logging option turned on for ftp. That only reports who logs on via the ftpd. I want to know who takes what from the anon dist directory. Lots of people log on and just look around. Also, people try to get stuff they don't have permissions for. I want to know what I did wrong(i.e., I need to change the permissions, or what they are doing wrong) or what anon users are after. Cheers! dan. +-----------------------------------------------------------------------------+ | karron@nyu.edu (E-mail alias that will always find me) | | Fax: 212 340 7190 * Dan Karron, Research Associate | | . . . . . . . . . . . . . . * New York University Medical Center | | 560 First Avenue \*\ Pager <1> (212) 397 9330 | | New York, New York 10016 \**\ <2> 10896 <3> <your-number-here> | | (212) 340 5210 \***\_________________________________________ | | Main machine: karron.med.nyu.edu (128.122.135.3) IRIS 85GT | +-----------------------------------------------------------------------------+
rxcob@minyos.xx.rmit.oz.au (Owen Baker) (12/04/90)
>How can I log what anonymous users are doing on my anon ftp account ? >I would like to keep stats on what people are taking (to justify >the popularity of my junk for my boss). Do a man on FTP. There is a debug option (-d I think) for when the daemon is started which logs all users and passwords and other stuff. The only problem this has is that it works for all FTP users, not just anonymous, so its not a very nice way of seeing everybodys passwords...... +-------------------------------+-------------------------------------------+ | Owen Baker | Communication Services Unit | | rxcob@minyos.xx.rmit.oz.au | RMIT - Victoria University of Technology | | (61) (3) 660-2038 | Melbourne, Victoria, Australia | +-------------------------------+-------------------------------------------+
mg@ (Mike Gigante) (12/04/90)
rxcob@minyos.xx.rmit.oz.au (Owen Baker) writes: >>How can I log what anonymous users are doing on my anon ftp account ? >>I would like to keep stats on what people are taking (to justify >>the popularity of my junk for my boss). >Do a man on FTP. There is a debug option (-d I think) for when the daemon is >started which logs all users and passwords and other stuff. The only problem >this has is that it works for all FTP users, not just anonymous, so its not >a very nice way of seeing everybodys passwords...... >+-------------------------------+-------------------------------------------+ >| Owen Baker | Communication Services Unit | >| rxcob@minyos.xx.rmit.oz.au | RMIT - Victoria University of Technology | >| (61) (3) 660-2038 | Melbourne, Victoria, Australia | >+-------------------------------+-------------------------------------------+ Humbug! Only anonymous FTP logs the passwd. It does so because the convention for anonymous ftp is to use your login id as the passwd. Here is a excerpt from my log. As you can see it gives the passwd for ANONYMOUS ftp, but only the user id for normal ftp users. Nov 29 09:00:29 godzilla ftpd[13518]: connection from zingo.nec.com Nov 29 09:00:36 godzilla ftpd[13518]: ANONYMOUS FTP login from zingo.nec.com, edna Nov 29 14:12:01 godzilla ftpd[17127]: connection from koala.co.rmit.OZ.AU Nov 29 14:12:05 godzilla ftpd[17127]: FTP login from koala.co.rmit.OZ.AU as idm So in the above examples, the user edna@zingo.nec.com used anon FTP and the user idm@koala.co.rmit.oz.au used normal user ftp. You rely on the good faith of users (and sensibility) to use their real user ids as passwd for ANON ftp. I had one recent anon ftp session that used the passwd 'ident' (It does say "331 Guest login ok, send ident as password." :-) Mike
rxcob@minyos.xx.rmit.oz.au (Owen Baker) (12/04/90)
mg@ (Mike Gigante) writes: >rxcob@minyos.xx.rmit.oz.au (Owen Baker) writes: >>>How can I log what anonymous users are doing on my anon ftp account ? >>>I would like to keep stats on what people are taking (to justify >>>the popularity of my junk for my boss). >>Do a man on FTP. There is a debug option (-d I think) for when the daemon is >>started which logs all users and passwords and other stuff. The only problem >>this has is that it works for all FTP users, not just anonymous, so its not >>a very nice way of seeing everybodys passwords...... >Humbug! >Only anonymous FTP logs the passwd. It does so because the convention for >anonymous ftp is to use your login id as the passwd. Here is a excerpt from >my log. >As you can see it gives the passwd for ANONYMOUS ftp, but only the user id >for normal ftp users. >Nov 29 09:00:29 godzilla ftpd[13518]: connection from zingo.nec.com >Nov 29 09:00:36 godzilla ftpd[13518]: ANONYMOUS FTP login from zingo.nec.com, edna >Nov 29 14:12:01 godzilla ftpd[17127]: connection from koala.co.rmit.OZ.AU >Nov 29 14:12:05 godzilla ftpd[17127]: FTP login from koala.co.rmit.OZ.AU as idm >So in the above examples, the user edna@zingo.nec.com used anon FTP and >the user idm@koala.co.rmit.oz.au used normal user ftp. >You rely on the good faith of users (and sensibility) to use their real >user ids as passwd for ANON ftp. >I had one recent anon ftp session that used the passwd 'ident' (It does >say > "331 Guest login ok, send ident as password." >:-) >Mike Are you saying that FTP automatically logs all anonymous FTP sessions? I thought that you had to add -d to do this? The entry in our /usr/etc/inetd.conf is as follows: "ftp stream tcp nowait root /usr/etc/ftpd ftpd -d -l" and the result you get in SYSLOG is: Oct 3 12:25:06 caxton ftpd[14226]: FTPD: command: PASS ftp^M Oct 26 11:49:01 caxton ftpd[16664]: FTPD: command: PASS dmh@goanna^M Oct 29 17:31:22 caxton ftpd[3856]: FTPD: command: PASS asdasdasdasd^M Nov 22 11:25:15 caxton ftpd[19838]: FTPD: command: PASS trl@goanna.cs.rmit^M etc..... What is doing this then the -d or -l or both or have I seriously lost the plot somewhere here? Owen. PS. If Im right (slim chance I would say) then humbug back!!
doelz@urz.unibas.ch (12/05/90)
In article <9012032131.AA05576@karron.med.nyu.edu>, Dan Karron@UCBVAX.BERKELEY.EDU writes: > > How can I log what anonymous users are doing on my anon ftp account ? > Edit the /usr/etc/inetd.conf file. Find the first entry, there should be the (first) line starting with ftp. The last column lists ftpd -l ... If there is no -l, add one and you will get all the info you need logged to the SYSLOG. If you want to see more (and even passwords of regular users), add -d and debugging info is written additionally. Further info see man page on ftpd(1M). Dont forget to make inetd read its conf file by a killiall -HUP inetd. Maybe this helps, Regards, Reinhard
arc@thyme.wpd.sgi.com (Andrew Cherenson) (12/06/90)
In article <9012032131.AA05576@karron.med.nyu.edu> karron@cmcl2.nyu.edu writes: > >How can I log what anonymous users are doing on my anon ftp account ? Coming in a Future Major Release of IRIX...
Dan Karron@UCBVAX.BERKELEY.EDU (12/06/90)
Thanks, but the source is public domain, and if someone has tested it on IRIX 3.3.1, I would like try it. Someone did send me untested source, (Thanks, and I do appreciate it!) but I don't have the patience to test it (untill someone does something I don't like with my ftpd). Seems like someone can port this and post the (source ?) on sgi.com. Why wait for a Future Major Release?. Let us programming peons bang on it before the paying crowd gets their gloves on it. At least we don't get bent all out of shape when it don't work. >Subject: Re: anon ftp config advice >Message-Id: <77174@sgi.sgi.com> >References: <9012032131.AA05576@karron.med.nyu.edu> >Sender: info-iris-request@BRL.MIL >To: info-iris@BRL.MIL > >In article <9012032131.AA05576@karron.med.nyu.edu> karron@cmcl2.nyu.edu writes: >> >>How can I log what anonymous users are doing on my anon ftp account ? > >Coming in a Future Major Release of IRIX... > Dan Karron UH566 x5210, Home 777-90848