Subject: Re: Security - was Re: logger
To: the boogeyman <boogeymn@psyber.com>
From: Stephen C. Brown <sbrown@shellx.best.com>
List: port-mac68k
Date: 01/31/1997 23:05:37
>is there a good logging utility that will log all users actions to a file
>sort of like a .history or something...you know, what they do, telnet to
>where, if they run anything...stuff like that....also is there a program
>that logs unauthorized connections from other computers? does
>tcp_wrappers do this?
tcp wrappers will allow you to log all incoming connections through
"wrappering" the programs normally started by "inetd". This is definitely
"a good thing". One of the nifty things about tcp wrappers is that you
can, through a "hosts.allow" or "hosts.deny" file, configure which
other computers are allowed or denied access to the various services
on your computer(you can specify IP address and/or hostname patterns,
even :-)...). I guess this addresses the "other computer" part of your
question.
>From the way the question is worded, it almost sounds as if you're
worried about the people already on the computer. I really am hesitant
to suggest that you go overboard on security worries about people
already on your system. Once you're on a system it becomes eminently
easier to hack things. It's better to stop them at the door. For
that purpose, I suggest "COPS", "tcp wrappers", and possibly
"crack". "tripwire" could be used if you were exceedingly paranoid.
But, I wouldn't suggest it even on a fast mac as "tripwire" takes a
lot of cpu power computing checksums of all file contents, inodes, etc.
You might take a glance at the CERT(Computer Emergency Response Team)
ftp site at:
<ftp://ftp.cert.org>
They have a number of tools there, including "tcp wrappers".
Steve Brown,
sbrown@best.com
>
> . " ^ . ^
> . o^ ^o ,
> . , ' .$; [the boogeyman <boogeymn@psyber.com] ;$. ' , .
> ;p '$, (finger for pgp key) ,$' q;
> ^ . o . . o . ^
> ^$ p o ^