[ale] Logs
George Nies
gnies at Lanier.COM
Wed Jul 24 19:17:24 EDT 1996
>
>
> Is there a way to determine the IP addresses to which users on a
> linux machine have telneted from? I have checked the /var/adm/lastlog
> which would seem to be a good place to put it but the file does not seem
> to be in a text format. How can i find the IP addresses of users that
> telnet to my machine?
>
>
> -Tim
Assuming you installed slackware, you are running a package called
TCP Wrappers. A quick look at /etc/inetd.conf will tell you.
# sample lines from /etc/inetd.conf
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/wu.ftpd
telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
# end sample
tcpd logs incomming connections through syslogd.
check out /var/adm/messages for lines like:
Jul 24 17:24:50 yourhostname in.telnetd[31189]: connect from foo.fee.org
for telnet,
Jul 24 17:23:50 yourhostname in.rlogind[31184]: connect from foo.fee.org
for rlogin,
Jul 24 17:23:50 yourhostname in.rshd[31184]: connect from foo.fee.org
for rsh.
-George
More information about the Ale
mailing list