Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!samsung!munnari.oz.au!goanna!minyos!rxcob From: rxcob@minyos.xx.rmit.oz.au (Owen Baker) Newsgroups: comp.sys.sgi Subject: Re: anon ftp config advice Message-ID: <6416@minyos.xx.rmit.oz.au> Date: 4 Dec 90 06:40:31 GMT References: <9012032131.AA05576@karron.med.nyu.edu> <6404@minyos.xx.rmit.oz.au> Organization: RMIT Computer Centre, Melbourne Australia. Lines: 61 mg@ (Mike Gigante) writes: >rxcob@minyos.xx.rmit.oz.au (Owen Baker) writes: >>>How can I log what anonymous users are doing on my anon ftp account ? >>>I would like to keep stats on what people are taking (to justify >>>the popularity of my junk for my boss). >>Do a man on FTP. There is a debug option (-d I think) for when the daemon is >>started which logs all users and passwords and other stuff. The only problem >>this has is that it works for all FTP users, not just anonymous, so its not >>a very nice way of seeing everybodys passwords...... >Humbug! >Only anonymous FTP logs the passwd. It does so because the convention for >anonymous ftp is to use your login id as the passwd. Here is a excerpt from >my log. >As you can see it gives the passwd for ANONYMOUS ftp, but only the user id >for normal ftp users. >Nov 29 09:00:29 godzilla ftpd[13518]: connection from zingo.nec.com >Nov 29 09:00:36 godzilla ftpd[13518]: ANONYMOUS FTP login from zingo.nec.com, edna >Nov 29 14:12:01 godzilla ftpd[17127]: connection from koala.co.rmit.OZ.AU >Nov 29 14:12:05 godzilla ftpd[17127]: FTP login from koala.co.rmit.OZ.AU as idm >So in the above examples, the user edna@zingo.nec.com used anon FTP and >the user idm@koala.co.rmit.oz.au used normal user ftp. >You rely on the good faith of users (and sensibility) to use their real >user ids as passwd for ANON ftp. >I had one recent anon ftp session that used the passwd 'ident' (It does >say > "331 Guest login ok, send ident as password." >:-) >Mike Are you saying that FTP automatically logs all anonymous FTP sessions? I thought that you had to add -d to do this? The entry in our /usr/etc/inetd.conf is as follows: "ftp stream tcp nowait root /usr/etc/ftpd ftpd -d -l" and the result you get in SYSLOG is: Oct 3 12:25:06 caxton ftpd[14226]: FTPD: command: PASS ftp^M Oct 26 11:49:01 caxton ftpd[16664]: FTPD: command: PASS dmh@goanna^M Oct 29 17:31:22 caxton ftpd[3856]: FTPD: command: PASS asdasdasdasd^M Nov 22 11:25:15 caxton ftpd[19838]: FTPD: command: PASS trl@goanna.cs.rmit^M etc..... What is doing this then the -d or -l or both or have I seriously lost the plot somewhere here? Owen. PS. If Im right (slim chance I would say) then humbug back!!