logging ftp downloads.
Craig White
plug-discuss@lists.PLUG.phoenix.az.us
Sat, 11 Aug 2001 20:35:41 -0700
foodog wrote:
>
> IMO, for a Linux FTP box I'd run ProFTPD, www.proftpd.org
> Best I can do, since I don't know the answer you're looking for ;-)
> Steve
>
> "John (EBo) David" wrote:
> >
> > I've been crawling around and noticed some odd login's to my ftp
> > server. I see no xfer logs where I would expect, so I assume that I do
> > not have FTP logging turned on. Reading the docs, I see I need to give
> > ftpd a "-S" swithc. The question is where in suse to ser this. SuSE
> > plays some funny games with how they manage the config files so they can
> > automate a bunch of stuff with YaST. So, should I just add the "-S" to
> > the ftp definition in inetd.conf, or am I missing something?
> >
---
suggesting that he use another ftp server when he doesn't understand the
one he's got isn't exactly a great answer.
Does Suse still use inetd and not xinetd?
Do you have anon-ftpd installed?
Do you have wu-ftpd installed?
Both installed? try rpm -qa|grep ftp to see what you've got installed
Redhat logs all transfers - /var/log/xferlog
also /var/log/secure lists all log-ins
also try less last
the question is whether they are doing anonymous login and not able to
get anywhere or if these are authenticating users. Authenticated users
could be a problem if you don't have authenticated users. Also note that
ftp daemons - regardless of flavor are notorious security risks - and
MUST be kept up to date to cover exploits. Also, ftp really needs to
corral users into specific areas so if you let any REAL users on, you
need to chroot them. Do not allow any uploads until you are completely
up to snuff on security aspects of ftp program.
see
man ftpd
man ftpaccess
Craig