Sorry for the late response, thanks to all who answered my question:
Santosh Krishnan x2815 <santosh_at_heplinux1.uta.edu>
Steve Gibbons <steve_at_wyrm.AZTech.Net>
szgyula_at_skysrv.Pha.Jhu.EDU
Eric Bennett <bennett_at_hpel.cees.edu>
Arnaud Valeix <fnet_at_ifh.sncf.fr>
Why not ? <gege_at_cal.enst.fr>
Janne <janne_at_appelsiini.net>
"Piotr "Peter" Bienias" <bienias_at_ae.katowice.pl>
"Becki S Kain" <bkain1_at_ford.com>
Tom Webster <webster_at_europa.mdc.com>
jason andrade <jason_at_dstc.edu.au>
My original message was:
Dear managers,
Few weeks ago I installed tcp_wrappers in an DEC Alpha 3000 DU 3.2,
now I want to know if there's a way to now the person's username who made an
ftp, telnet, or whatever command. It just appear like:
Oct 9 09:32:58 host1 telnetd[1375]: connect from pc-test1.uacj.mx
Oct 9 14:03:17 host1 telnetd[4901]: connect from pc-test10.uacj.mx
Oct 9 18:25:58 host1 telnetd[7496]: connect from pc-test1.uacj.mx
Oct 9 19:39:51 host1 telnetd[8336]: connect from pc-test1.uacj.mx
Just date, hour, host, command and machine that made the connection.
I really appreciate your help, thanks in advance.
Solution:
Most of the messages that I received suggested me to use pidentd,
you can take it from:
ftp://ftp.lysator.liu.se/pub/ident/servers/pidentd-2.7.1.tar.gz, it works in
conjunction with tcp_wrappers, in the Makefile you must uncommment the line
AUTH = -DALWAYS_RFC931 and recompile it. Follow the pident INSTALL file
instructions for your host characteristics.
The tcp_wrappers list will appear like this:
Oct 25 10:31:46 host1 ftpd[2302]: connect from user1_at_host2.uacj.mx
Oct 25 13:44:09 host1 ftpd[4418]: connect from user2_at_host2.uacj.mx
Oct 25 16:06:20 host1 ftpd[6808]: refused connect from user3_at_host1.uacj.mx
Oct 25 16:06:45 host1 ftpd[6810]: refused connect from user4_at_host1.uacj.mx
Oct 25 17:39:28 host1 telnetd[7930]: connect from pc-test20.uacj.mx
Oct 25 17:43:43 host1 ftpd[7996]: connect from pc-test10.uacj.mx
Oct 25 17:43:56 host1 ftpd[7997]: connect from pc-test10.uacj.mx
This works only if you have installed pident in all hosts and pc's
(this won't work if remote machines don't have it), as you can see the last
tree entries doesn't have the username, the reason: I didn't installed ident
in those machines (I don't know if there is an ident version for a PC), but
it can help you to check the users who login from one host to another.
If you have any question about it you can e-mail me.
Thanks again to all who answered.
Ing. Rosa Isela Gonzalez Alvarez
Universidad Autonoma de Ciudad Juarez
Av. Adolfo Lopez Mateos # 20
C.P. 32310
Tel. 16-57-32 y 16-57-78 ext. 324
e-mail address rgonzale_at_uacj.mx
Received on Sat Oct 26 1996 - 02:24:11 NZDT