wswietse@svbs01.bs.win.tue.nl (Wietse Venema) (11/20/90)
Archive-name: logdaemon/19-Nov-90 Original-posting-by: wswietse@svbs01.bs.win.tue.nl (Wietse Venema) Original-subject: Re: Something similar to netstat ... but quicker. Archive-site: ftp.win.tue.nl [131.155.2.8] Archive-directory: /pub Reposted-by: emv@ox.com (Edward Vielmetti) bmacinre@watcgl.uwaterloo.ca (Blair MacIntyre) writes: >What I really want is to figure out if someone is currently doing a >remote finger on my machine AND where they are fingering from. Is there >an easier way to do this? I can get the fingerd process from ps but >don't see how to get where the socket connection that created it is >comming from. What would be ideal is a flag for netstat that looks for >specific sorts of inetd connections and only prints out their sockets. If you have sufficient privilege, you can put a trivial program in front of the fingerd (tar archive in ftp.win.tue.nl:/pub/logdaemon.Z, file tcpd.c). This program uses the syslog(3) facility to report the use of connection-oriented services such as telnet, rlogin, rsh, exec. By the way, if you are worried about the use of the finger service, you may also want to keep track of requests to the systat service that usually is enabled on Ultrix systems (systat just pipes the output from the who(1) command to the net). The miscd.c file in the above-mentioned tar archive takes care of monitoring systat.