One thought about telnet and FTP logging is having messages sent to Mark
Bixby's port of SYSLOG. Error messages could be sent to the SYSLOG
process. SYSLOG can then route the messages by a user-defined route. Very
useful stuff!!!
Tony Summers <[log in to unmask]> on 06/21/2000 11:55:28 AM
Please respond to Tony Summers <[log in to unmask]>
To: [log in to unmask]
cc: (bcc: Ron R Horner/CHI/Seabury)
Subject: Re: inetd message - side stepping the current thread
A big thank you to Jeff for these pearls of wisdom (see below) - I
think I have also used MPEX to increase the security of the system.
But another grumble is the poor logging offered by the INETD
services (for example where do FTP sessions or service denials get logged?)
P.S. I don't recall INETD getting much space on the current system
improvement ballot.
(Sorry I'm in grumble mode today - but my Ops manager has just added a few
disks to our development box and certain files didn't make it onto the
restore).
>> snip
These services have been known to be abused for denial of service or
general horseplay, for example, spoofing packets to line a chargen port
to an echo port, or other weirdness. It is generally recommended that
these services be turned OFF unless you have a designated need.
In addition to this configuration file, an often overlooked facility is
the /usr/adm/inetd.sec file, which should be symlinked to INETDSEC.NET
(or vice versa). You can restrict access to any of your inetd services
by setting up the allowed network ranges for each service, preventing
arbitrary connections.
<< end snip
Jeff Kell <[log in to unmask]>
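
Added example (not part of the original messages, and not code from any of the posters): a small audit that compares the services enabled in an inetd configuration file with the entries in inetd.sec, reporting the points the quoted advice raises. The two sample files are constructed, and the `service allow|deny hosts` line format and its semantics are assumed from HP-UX inetd.sec(4).

```python
# Constructed sample files for illustration; not taken from a real system.
INETD_CONF = """\
# service  socket  proto  wait    user         server
telnet     stream  tcp    nowait  MANAGER.SYS  internal
ftp        stream  tcp    nowait  MANAGER.SYS  internal
echo       stream  tcp    nowait  MANAGER.SYS  internal
chargen    dgram   udp    nowait  MANAGER.SYS  internal
#daytime   stream  tcp    nowait  MANAGER.SYS  internal
"""
INETD_SEC = """\
# service  allow|deny  hosts/networks
telnet     allow       10.1.*
ftp        deny        192.168.7.20
"""
RISKY = {"echo", "chargen"}  # the two services named in the quoted advice

def _fields(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts

def enabled_services(conf_text):
    """Service names on the uncommented lines of the inetd configuration."""
    return [f[0] for f in _fields(conf_text)]

def sec_rules(sec_text):
    """Map service -> (allow|deny, hosts); a later line replaces an earlier one
    (assumed from the HP-UX documentation)."""
    rules = {}
    for f in _fields(sec_text):
        if len(f) >= 2 and f[1] in ("allow", "deny"):
            rules[f[0]] = (f[1], f[2:])
    return rules

def audit(conf_text, sec_text):
    """Return (service, finding) pairs for enabled services that need review."""
    rules, findings = sec_rules(sec_text), []
    for svc in enabled_services(conf_text):
        if svc in RISKY:
            findings.append((svc, "enabled; turn off unless needed"))
        if svc not in rules:
            findings.append((svc, "no inetd.sec entry; any host may connect"))
        elif rules[svc][0] == "deny":
            findings.append((svc, "deny-only entry; unlisted hosts may connect"))
    return findings

if __name__ == "__main__":
    for svc, msg in audit(INETD_CONF, INETD_SEC):
        print(f"{svc:8} {msg}")
```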