bkahn@dg-rtp.dg.com (Bruce Kahn) (09/06/90)
How are anonymous FTP logins tracked?? I know that some systems want you
to send your ID as the password but I've looked all over documentation and
my system but can't seem to find any log of this information.
--
Bruce (bkahn@archive.rtp.dg.com or kahn@adam.dg.com)
Standard disclaimers apply, except where prohibited by law...
emv@math.lsa.umich.edu (Edward Vielmetti) (09/11/90)
In article <913@dg.dg.com> bkahn@dg-rtp.dg.com (Bruce Kahn) writes:
> How are anonymous FTP logins tracked?? I know that some systems want you
> to send your ID as the password but I've looked all over documentation and
> my system but can't seem to find any log of this information.

Stock plain old vanilla BSD ftpd doesn't do anything special to log
anonymous ftp stuff.
Various people have modified their ftpd's to log various things, provide
access to things like message-of-the-day files, control maximum number
of incoming users on a per-network basis, etc.
A good bet would be to FTP to a big archive site and get the version
of ftpd that they use. If someone has infinite patience they could
try to kitbash together all of the various strains out there and identify
the useful features.
(No, I'm not volunteering.)
--Ed
Edward Vielmetti, U of Michigan math dept <emv@math.lsa.umich.edu>
moderator, comp.archives
jmc@PacBell.COM (Jerry M. Carlin) (09/11/90)
In article <913@dg.dg.com> bkahn@dg-rtp.dg.com (Bruce Kahn) writes:
> How are anonymous FTP logins tracked?? I know that some systems want you
>to send your ID as the password but I've looked all over documentation and
>my system but can't seem to find any log of this information.

You can track them by setting debug in inetd.conf for ftpd (on the Sun
in.ftpd -dl) and by setting /etc/syslog.conf to log daemon.debug. This will
log EVERYTHING. BE CAREFUL as in some versions all passwords will be logged.
Best advice is to use a foreign machine (LOGHOST) and make sure permissions
are 600.
--
Jerry M. Carlin (415) 823-2441 jmc@srv.pacbell.com
To dream the impossible dream. To fight the unbeatable foe.
tomg@hpcvlx.cv.hp.com (Thomas J. Gilg) (09/11/90)
> How are anonymous FTP logins tracked?? I know that some systems want you
> to send your ID as the password but I've looked all over documentation and
> my system but can't seem to find any log of this information.

I've seen several versions of ftpd that utilize /usr/adm/wtmp and
/usr/adm/btmp in some form or fashion. It's never really documented, but
I've discovered that if those files exist, ftpd will use them.

Your version of ftpd might log into the utmp files, and hopefully if it
does, it dumps enough information to be useful.

Hope this is useful info for you,

Thomas Gilg
tomg@cv.hp.com
pjg@acsu.buffalo.edu (Paul Graham) (09/12/90)
jmc@PacBell.COM (Jerry M. Carlin) writes:
|In article <913@dg.dg.com> bkahn@dg-rtp.dg.com (Bruce Kahn) writes:
|> How are anonymous FTP logins tracked??
|
|You can track them by setting debug in inetd.conf for ftpd (on the Sun
|in.ftpd -dl) and by setting /etc/syslog.conf to log daemon.debug. This will
|log EVERYTHING.

it appears (at least to me) with bsd+chroot systems you lose logging
when the chroot happens for anon. connections. does logging to a
remote host solve this problem? i just log to a file under ~ftp.
--
pjg@acsu.buffalo.edu / rutgers!ub!pjg / pjg@ubvms
jmc@PacBell.COM (Jerry M. Carlin) (09/12/90)
In article <35673@eerie.acsu.Buffalo.EDU> pjg@acsu.buffalo.edu (Paul Graham) writes:
>it appears (at least to me) with bsd+chroot systems you lose logging
>when the chroot happens for anon. connections. does logging to a
>remote host solve this problem? i just log to a file under ~ftp.

This was discussed in July. Here is the part of the posting I saved:

From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.wizards
Subject: Re: syslog + chroot + ftpd
Date: 29 Jul 90 20:24:47 GMT

In article <LUIS.90Jul27181155@lutetia.rice.edu>, luis@lutetia.rice.edu (Luis Soltero) writes:
|> has anyone noticed that syslog stops logging when ftpd logs in an
|> anonymous ftp user? i have tracked the problem to the chroot system
|> call

In /etc/rc.local do:

    if [ -f /usr/etc/syslogd ]; then
        echo 'starting system logger'
        rm -f /dev/log /var/spool/ftp/dev/log
        syslogd
        # hard link, so the socket is also reachable as /dev/log inside the ftp chroot
        ln /dev/log /var/spool/ftp/dev/log
    fi

Future:

Both Guy and Dan are correct in essence about the cause of the problem,
which is (in more detail) that the 4.3BSD syslog() sends messages to
/dev/log by doing a sendto() on an unconnected socket, rather than doing
connect() when openlog() is called so that the program has an idea of where
messages should be sent, even after a chroot().

The BSD networking release sources (and thus, I assume, the 4.4BSD sources)
solve this problem by doing a connect() to /dev/log the first time logging
is done (or when openlog() is called), so that the program knows where to
send messages even after the chroot(). If you can get your hands on this
version of the syslog library code (it may be available on uunet.uu.net, or,
if you have a BSD source license, you should be able to get it from BSD),
you can install it in your C library and relink ftpd to get rid of the
problem.
--
Jerry M. Carlin (415) 823-2441 jmc@srv.pacbell.com
To dream the impossible dream. To fight the unbeatable foe.
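
The sendto()-versus-connect() difference described in the saved posting above, as an added example that is not part of the original thread or of any BSD source. The socket paths are constructed stand-ins for /dev/log, and a rename() stands in for chroot() (which needs root) to make the path stop resolving for the logging process.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Constructed demo paths; a real syslogd listens on /dev/log. */
#define LOG_PATH  "/tmp/demo_devlog.sock"
#define GONE_PATH "/tmp/demo_devlog.moved"

/* Bit 0: per-message sendto() by path (4.3BSD syslog style) was delivered.
 * Bit 1: send() on a socket connect()ed beforehand was delivered.
 * Returns -1 if setup fails. */
int run_demo(void) {
    struct sockaddr_un sa;
    char buf[16];
    int result = 0;

    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, LOG_PATH);
    unlink(LOG_PATH);
    unlink(GONE_PATH);
    int srv = socket(AF_UNIX, SOCK_DGRAM, 0);        /* stand-in for syslogd */
    int unconnected = socket(AF_UNIX, SOCK_DGRAM, 0);
    int connected = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (srv < 0 || unconnected < 0 || connected < 0) return -1;
    if (bind(srv, (struct sockaddr *)&sa, sizeof sa) < 0) return -1;
    /* The newer library's approach: resolve the path once, before chroot(). */
    if (connect(connected, (struct sockaddr *)&sa, sizeof sa) < 0) return -1;

    /* Assumption: rename() stands in for chroot(~ftp); either way the old
     * path no longer resolves for this process. */
    if (rename(LOG_PATH, GONE_PATH) < 0) return -1;

    if (sendto(unconnected, "old", 3, 0, (struct sockaddr *)&sa, sizeof sa) == 3)
        result |= 1;
    else
        printf("sendto() by path failed: %s\n", strerror(errno));
    if (send(connected, "new", 3, 0) == 3 &&
        recv(srv, buf, sizeof buf, 0) == 3 && memcmp(buf, "new", 3) == 0)
        result |= 2;

    close(srv); close(unconnected); close(connected);
    unlink(GONE_PATH);
    return result;
}

int main(void) { printf("result = %d\n", run_demo()); return 0; }
```

A result of 2 means only the pre-connected socket still reached the logger, which is why anonymous sessions went silent with the older library.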
huopio@lut.fi (Kauto Huopio OH5LFM) (09/13/90)
I think that funic.funet.fi has quite an intelligent ftpd.. Just ftp it
with anonymous and get the README file..

--kauto
--
****************** Kauto Huopio (huopio@kannel.lut.fi) **********************
*US Mail: Kauto Huopio, Punkkerikatu 1 A 10, SF-53850 Lappeenranta, Finland *
*****************************************************************************
lear@turbo.bio.net (Eliot) (09/17/90)
I use a slightly whacked version I found on bu.edu. It logs just
about everything.
--
Eliot Lear
[lear@turbo.bio.net]
eap@world.std.com (Eric Pearce) (10/03/90)
In article <Sep.16.20.02.46.1990.9804@turbo.bio.net> lear@turbo.bio.net (Eliot) says:
>I use a slightly whacked version I found on bu.edu. It logs just
>about everything.
>--
>Eliot Lear
>[lear@turbo.bio.net]

I went one step further and made it log to a separate syslog facility.
I changed LOG_DAEMON to LOG_LOCAL0 in openlog() in ftpd and added
"local0.info /var/log/ftp" to /etc/syslog.conf. This makes it real easy
to see what people are up to without wading through a bunch of random
daemon info. You have 8 "local" facilities to play with, so you might as
well use them.

-e