Original:
> We just enabled anonymous ftp on one of our servers.
> By convention, users enter their real names as the
> pseudo-password. We want to log this. The only log
> method we have found also logs REAL user names and
> passwords when non-anonymous ftp is used. This is
> not acceptable. We have temporarily turned off logging,
> but need to get this implemented correctly. How?
> /////////////
> Danny Johnson, Texas Instruments (214-995-8719)
The answer generically is to get a third-party ftpd
that supports selective logging. The following replies
were extracted from the many people who responded.
Thanks to everybody.
**************************************************
The modified fptd from WUArchive does what you want. It
logs the user ID for non-anonymous users, but logs the string
"password" instead of the real password.
1) Get a new ftpd package with the patches from the following sites:
1) wuarchive.wustl.edu:/packages/ftpd.wuarchive.shar
2) sunsite.unc.edu
3) ftp.uu.net has the uunet-ftpd.patches
get wuftpd (wuarchive.wustl.edu) it does a much better job of everything
concerning ftpd. i've been running mine for a long time. get:
-rw-r--r-- 1 root 491520 Apr 9 13:21 wu-ftpd-2.0.tar
or newer. there was a security hole with the older version.
If you are using the wuarchive ftpd, there is a line in the "ftpaccess"
file that specifies the logging. Change it from:
log commands real,anonymous
to:
log commands anonymous
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:49 CDT