[comp.archives] [list.sun-nets] Anonymous FTP Logging

wrl@wdl1.wdl.loral.com (Bill Lewandowski) (03/31/91)

Archive-name: ftp/server/logging-summary/1991-03-27
Original-posting-by: wrl@wdl1.wdl.loral.com (Bill Lewandowski)
Original-subject: Anonymous FTP Logging (Recap)
Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)

Hi,

A few weeks ago I asked about anonymous FTP logging
on a Sun. Now that I have time, here is a recap of the messages
I received on the subject and thanks to all who responded.
Bill Lewandowski

==================================================================
From: Robert Elz <kre@munnari.oz.au>

There's a bug in ftpd - it attempts to syslog (which uses the
unix domain socket /dev/log) after it has chroot'd to ~ftp
in the case of anon ftp.   Needless to say there is no /dev/log
under ~ftp (and even if you were to attempt to make one, it
would do no good).

Ftpd needs to be fixed to connect to the syslog socket before
the chroot (proper args to a suitably placed openlog() will do
that).

kre

===================================================================

I've hacked on ftpd to do logging of where the connection's from &
what username they put. It also allows restriction of hours to 6pm-6am
if needed. It doesn't log what files they get (or at least I've never
given it a try). You're welcome to a copy if ya want. It's on
ftp.cs.widener.edu [192.55.239.132] in pub/unix/widener.ftpd.tar.Z.
-- 
     Brendan Kehoe - Widener Sun Network Manager - brendan@cs.widener.edu
  Widener University in Chester, PA                A Bloody Sun-Dec War Zone

===================================================================

From: wbc@sunapee.dartmouth.edu (Wayne B. Cripps)
Subject: Re: Sun Anonymous FTP Logging
To: wrl@wdl1.wdl.loral.com

Bill -

  I hacked ftp source to use a network logging
scheme - so it doesn't care that ftp does a
chroot.  

        Wayne

===================================================================

From: beig%FRULM63.BITNET@CUNYVM.CUNY.EDU (Jacques Beigbeder)
To: wrl@wdl1.wdl.loral.com
Subject: Re:  Sun Anonymous FTP Logging

I asked the same question around the 15th of February.
The trouble is that the following sequence doesn't work:
        openlog(...)
        chroot(...)     <- done when Anonymous ftp
        syslog(...)     <- does nothing

I got the answer and the fix from:

> Is there any way to fix this?

Yes, you can change (a copy of) the syslog(3) subroutine to use a tcp/udp
connection for the connection to the syslog daemon instead of the 'unix'
domain socket which fails as soon as the chroot is done.

Or you can fix the kernel so that the unix domain thing works after
the chroot -- not sure why it's failing, since (in theory) the connection
is open (to /dev/log) prior to the chroot so the i/o "should" continue
to work.

I've done it here, let me know if you'd like it.

-- Jim Guyton
   guyton@rand.org
_________________________________________________________________________
So the fix is to recompile ftpd with a good syslog.c!

  --Jacques Beigbeder

===================================================================

From: Jim Guyton <guyton%condor@rand.org>

1) get the ftpd source
2) get the syslog(3) source
3) change (2) to use UDP packets instead of UNIX sockets
4) relink
 
-- Jim Guyton
   guyton@rand.org
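
The UDP approach from the steps above, as an added example (not Jim Guyton's code or anything from the posters' ftpd sources). The `udplog_*` names are hypothetical, a syslogd accepting datagrams on 127.0.0.1 port 514 is assumed, and the control-character replacement is an addition so that client-supplied text cannot break up a log line.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>

static int log_fd = -1;             /* UDP socket, created before chroot() */
static struct sockaddr_in log_dst;  /* syslogd address, filled in before chroot() */

/* Call BEFORE chroot(): afterwards /dev/log and the files under /etc are out of reach. */
int udplog_open(const char *ip, unsigned short port)
{
    memset(&log_dst, 0, sizeof log_dst);
    log_dst.sin_family = AF_INET;
    log_dst.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &log_dst.sin_addr) != 1) return -1;
    log_fd = socket(AF_INET, SOCK_DGRAM, 0);
    return log_fd < 0 ? -1 : 0;
}

/* Build "<PRI>tag[pid]: msg", the BSD syslog datagram layout; returns its length. */
int udplog_format(char *buf, size_t len, int pri, const char *tag, long pid, const char *msg)
{
    int n = snprintf(buf, len, "<%d>%s[%ld]: %s", pri, tag, pid, msg);
    if (n < 0 || len == 0) return -1;
    for (char *p = buf; *p; p++)    /* neutralise CR/LF and other control bytes */
        if ((unsigned char)*p < 0x20 || *p == 0x7f) *p = '?';
    return (size_t)n >= len ? (int)len - 1 : n;   /* length after any truncation */
}

/* Safe AFTER chroot(): sendto() on an already-open UDP socket needs no path lookup. */
int udplog_send(int pri, const char *tag, const char *msg)
{
    char pkt[1024];
    int n = udplog_format(pkt, sizeof pkt, pri, tag, (long)getpid(), msg);
    if (log_fd < 0 || n < 0) return -1;
    return sendto(log_fd, pkt, (size_t)n, 0,
                  (struct sockaddr *)&log_dst, sizeof log_dst) == n ? 0 : -1;
}

int main(void)
{
    if (udplog_open("127.0.0.1", 514) != 0) return 1;  /* assumed syslogd address */
    /* ftpd would chroot() to ~ftp here for an anonymous login */
    /* constructed sample message */
    return udplog_send(LOG_DAEMON | LOG_INFO, "ftpd", "ANONYMOUS FTP LOGIN FROM host.example") ? 1 : 0;
}
```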

===================================================================

From: knutson%SW.MCC.COM@MCC.COM (Jim Knutson)
Subject: Re: Sun Anonymous FTP Logging

I haven't tried this, but how about running an additional syslogd as

        chroot ~ftp syslogd
 
It would need separate config and dev files, but if you really need it,
it might work.

Jim Knutson
knutson@mcc.com

===================================================================

From: Robert Elz <kre@munnari.oz.au>
    Date:        Thu, 14 Mar 91 11:25:48 CST
    From:        knutson%SW.MCC.COM@MCC.COM (Jim Knutson)
    Message-ID:  <9103141725.AA00338@weber.sw.mcc.com>

    I haven't tried this, but how about running an additional syslogd as

        chroot ~ftp syslogd

I believe that is likely to work, but would be a whole
separate syslog universe (certainly a separate log file,
and no access to user login info, or ttys, to send messages
to logged in users, should you want to have ftpd ever do
that, which is probably just a bit difficult to imagine).

But the sources to ftpd are available, and fixing the bug
is easy ...

I was also reminded that sun's syslog(3) doesn't seem to want
to behave properly, even with the correct args to openlog(3),
so getting a replacement syslog(3) to use with ftpd is also
needed I think - when I look I see that is what I did.

I have made the version of ftpd that I use here (which logs
anon ftp sessions - but usually produces less logging info
than was demonstrated in the original request) available for
anonymous ftp from munnari.oz.au [128.250.1.21].   Fetch
pub/net/ftpd.tar.Z (a compressed tar file) in binary mode.
This is known to work on sparcs running 4.0.3 and sun3's
running 4.1 (and there's no reason it shouldn't work on
other similar combinations).

kre