This is a small program that can be used to log "ident" info in conjunction
with the "inetd" daemon. Say for example that you wish to log all connections
to your "telnet" port. Change your inetd.conf file into something like this:

    telnet stream tcp nowait root /usr/sbin/identify telnet-ident -b -i /usr/sbin/in.telnet in.telnet

This will generate log records in your /var/log/authlog file looking like:

    Apr 9 03:17:50 foobar telnet-ident: pen@lysator.liu.se: /usr/sbin/in.telnet

There are a few options available. No manual page available yet though so
use the source.. :-)
Options available:

  -i[<str>] Enable logging even if there is no remote Identification
            Daemon to query. The optional string <str> is used in the
            log record as the user id. The default is to print no
            user id at all.

  -b        Do the identification in the background. This will reduce
            the time it takes to start the program.

  -d<num>   Set the file descriptor number that should be identified.

  -D        Enable some debugging code.

  -o<num>   Set the <logopt> code. Used in the openlog() call.

  -f<num>   Set the <facility> code. Used in the openlog() call.
            This switch is only available on systems running the
            modern 4.3BSD syslog daemon.

  -n<name>  Set the <name> argument. Used in the openlog() call.

  -p<num>   Set the <priority> code. Used in the syslog() call.

  -m<msg>   Set the <message> argument. Used in the syslog() call as an
            alternative to the program path.

  -x        Don't do the user name identification lookup part. This is
            useful to prevent loops if you decide to use identify to log
            ident lookups. Otherwise we would run into a loop pretty
            quickly.

  -r<bits>  Reject the connection completely if the first <bits> bits of
            the IP address of the connecting user differ from the
            local address. If you try to use this option together with
            the "-b" option, then the "-b" option will be turned off.

  -R        Reject the connection if it wasn't possible to identify
            the user via the IDENT protocol. If you try to use this
            option together with the "-b" option, then the "-b" option
            will be turned off. If you try to use this with the "-x"
            option, all connections will be rejected. :-)

  -t<secs>  Set a timeout of <secs> seconds for the connection to the
            remote user identification server. The default timeout is
            120 seconds. Set it to 0 to disable the timeout.

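The "-r<bits>" and "-R" checks described above, sketched as an added C example that is not taken from the identify source. All function names are hypothetical, the addresses and reply line are constructed, and the reply layout is the one defined in RFC 1413; the user id is made log-safe because it is supplied by the remote host.

```c
/* Added example, not from the identify source; all names are hypothetical. */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* -r<bits>: 1 if the first `bits` bits of both IPv4 addresses are equal. */
static int same_prefix(const char *local, const char *remote, int bits)
{
    struct in_addr l, r;
    if (bits < 0 || bits > 32 || inet_pton(AF_INET, local, &l) != 1 ||
        inet_pton(AF_INET, remote, &r) != 1)
        return 0;
    uint32_t mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0; /* no shift by 32 */
    return ((ntohl(l.s_addr) ^ ntohl(r.s_addr)) & mask) == 0;
}

/* Parse one RFC 1413 reply, "<ports> : USERID : <opsys> : <user-id>". Returns 1
   with a log-safe id (leading spaces dropped), 0 for ERROR or malformed input. */
static int parse_ident_reply(const char *line, char *user, size_t ulen)
{
    char type[16], opsys[64], id[128];
    size_t i;
    if (ulen == 0 || sscanf(line, "%*[^:]: %15[^: ] : %63[^:]: %127[^\r\n]",
                            type, opsys, id) != 3 || strcmp(type, "USERID") != 0)
        return 0;
    /* The id is chosen by the remote host: keep only printable characters. */
    for (i = 0; id[i] && i + 1 < ulen; i++)
        user[i] = isprint((unsigned char)id[i]) ? id[i] : '?';
    user[i] = '\0';
    return 1;
}

/* 1 = hand the connection on, 0 = reject. rbits < 0 means -r was not given,
   require_ident models -R, reply is NULL when no ident answer arrived. */
static int accept_connection(const char *local, const char *remote, int rbits,
                             int require_ident, const char *reply)
{
    char user[128];
    if (rbits >= 0 && !same_prefix(local, remote, rbits)) return 0;
    return !require_ident || (reply && parse_ident_reply(reply, user, sizeof user));
}

int main(void)
{
    const char *reply = "6193, 23 : USERID : UNIX : pen\r\n"; /* constructed */
    printf("%d\n", accept_connection("192.0.2.10", "192.0.2.77", 24, 1, reply));
}
```
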
Credits go to Paul Hubbard <paul@oxy.edu> for the patches to
implement the "-x" and "-r" options.
Credits go to Alan P Barrett <root@daisy.ee.und.ac.za> for the patches to
implement the "-t<secs>" option.
/Peter Eriksson (pen@lysator.liu.se), 23 Aug 1992