FTP "OTHER Root" Logs

der.hans plug-discuss@lists.PLUG.phoenix.az.us
Sun, 8 Apr 2001 19:27:22 -0700 (MST)


On 08 Apr 2001, Craig White chattered thus:

> I am really tickled that I contributed something that you didn't know. I

So am I :). I participate because I want to learn.

> used to lay low and not offer advice since I was certain that so many had
> much better answers but am gaining a bit more confidence as time goes on.

You've added a lot of good info (as well as quite a few good jokes :).

> I don't know about the 644 on wtmp & btmp - some processes run as
> other than root and you may want them to log successful/unsuccessful
> logins to these files (does wu-ftpd run as root?) so YMMV. I also have

Yeah, I don't know what the perms should be. That's why I turned in the
bug report :). I guess I could do the "used the source as my
documentation" thing :). I'll stick with manpages for now...

The manpage for wtmp says "wtmp is maintained by login(1), and init(1) and
some versions of getty(1)." It also has:

       Note that the utmp struct from libc5 has changed in libc6.
       Because of this, binaries using the old libc5 struct will
       corrupt /var/run/utmp and/or /var/log/wtmp. Debian systems
       include a patched libc5 which uses the new utmp format.
       The problem still exists with wtmp since it's accessed
       directly in libc5.

Under SEE ALSO it mentions updwtmp(3). "updwtmp()  appends the utmp
structure ut to the wtmp file." "Both functions are available under
glibc2, but not under libc5." I think this means I should look at the
source for glibc2 and find out what perms and ownership it wants :).

> cron files that send me an email with the output of last, lastb, &
> grep of the word REJECT in /var/log/messages at various times as a
> means to monitor a system (still uncertain as to how far portsentry
> actually goes). Having some systems cracked before, it's obvious that
> cleanup of the wtmp file is one of the methods employed by crackers to
> hide their presence.

Do you implement anything to automagically check logs? I'm trying to
evaluate a couple of such beasts and add the functionality I want.

> I know that you ragged on webmin / webadmin as being a bit too
> technical for the 'non-technicals' but in actuality, it is really

Actually, I didn't mean to rag on it. Guess I didn't think about my
wording well enough :(. I did look at webmin a couple of months ago and
there was way too much detail, specifically for postfix, for newbies. Or
so it seemed with the brief glance I gave it :).

> useful as a GUI for those that don't need the GUI, just appreciate
> having the GUI around. I also use it for 2nd tier administrators
> allowing them to create users & groups, mail aliases, and in some
> cases, samba users.

Yeah. I want webmin to turn out well. I need to take a better look at
it. In fact, your bringing it up reminds me that I planned on installing
it and playing with it :). Guess it's time to do that...

BTW, what I want is an admin tool that works from a terminal. GUI and/or
web are also convenient. It needs to use standard command line tools to
initiate the configuration tools. In the case where standard tools for a
task don't exist, e.g. editing configuration files, then it should turn
out such a tool that becomes a separate project. This is, of course,
heavily IMHO[1] :).

This'll actually be hard because I have to apt-get more than 2 packages
;-).

ciao,

der.hans

[1] In My Hansatic Opinion ;-)
-- 
#  der.hans@LuftHans.com   home.pages.de/~lufthans/   www.YourCompanyHere.net ;-)
#  Magic is science unexplained. - der.hans
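
Added example, not part of the original message or of any project it mentions: a small checker for the two wtmp problems the thread raises, records that do not fit the libc6 utmp layout (the corruption the manpage describes) and records that look wiped. It assumes the 384-byte glibc2 struct utmp as found on x86-64 Linux; the function names and the sample records are constructed for illustration.

```python
import struct

# Assumed layout: glibc2 (libc6) struct utmp as on x86-64 Linux, 384 bytes.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
VALID_TYPES = range(0, 10)  # EMPTY (0) through ACCOUNTING (9)

def make_record(ut_type, pid, line, user, host, tv_sec):
    """Pack one constructed record (sample data only)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host,
                     0, 0, 0, tv_sec, 0, 0, 0, 0, 0)

def check_wtmp(data):
    """Return (record index, reason) for every record that looks wrong."""
    findings, newest = [], 0
    count = len(data) // UTMP.size
    for idx in range(count):
        raw = data[idx * UTMP.size:(idx + 1) * UTMP.size]
        if raw == bytes(UTMP.size):
            findings.append((idx, "zero-filled record"))
            continue
        fields = UTMP.unpack(raw)
        ut_type, tv_sec = fields[0], fields[9]
        if ut_type not in VALID_TYPES:
            findings.append((idx, "unknown ut_type"))
            continue
        if tv_sec < newest:  # heuristic: a clock step also triggers this
            findings.append((idx, "timestamp goes backwards"))
        newest = max(newest, tv_sec)
    if len(data) % UTMP.size:
        findings.append((count, "trailing partial record"))
    return findings

# Constructed sample, not taken from a real system.
SAMPLE = b"".join([
    make_record(2, 0, b"~", b"reboot", b"", 986780000),
    make_record(7, 412, b"pts/0", b"alice", b"host.example", 986780100),
    bytes(UTMP.size),
    make_record(7, 430, b"pts/1", b"bob", b"host.example", 986780050),
    make_record(99, 1, b"pts/2", b"bob", b"", 986780200),
]) + b"\x00" * 10

if __name__ == "__main__":
    for idx, reason in check_wtmp(SAMPLE):
        print(f"record {idx}: {reason}")
```

To use it on a live file, pass the bytes of /var/log/wtmp to check_wtmp() from the same cron job that mails the output of last and lastb.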