[1070] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] TCP Wrappers Syslogging

daemon@ATHENA.MIT.EDU (Wietse Venema)
Sun Aug 25 20:28:04 1996

From: wietse@wzv.win.tue.nl (Wietse Venema)
To: linux-security@tarsier.cv.nrao.edu
Date: Sun, 25 Aug 96 16:28:51 MET DST
Cc: wietse@wzv.win.tue.nl (Wietse Venema),
        nborisov@calum.csclub.uwaterloo.ca (Nikita Borisov)
In-Reply-To: <199608092108.RAA05583@calum.csclub.uwaterloo.ca>; from "Nikita Borisov" at Aug 9, 96 5:08 pm

During my vacation, Nikita Borisov posted a patch to make tcpd log the
client host address in addition to the client host name. Unfortunately
this patch can break the virtual host support, since it uses the same
static buffer for the %H (server) and %h (client) expansions.

    +#ifdef ALWAYS_IP_ADDR
    +    static char host_and_ip[2 * STRING_LENGTH+2];
    +#endif
    ...
    +#ifdef ALWAYS_IP_ADDR
    +	sprintf(host_and_ip, "%s [%s]", host->name, eval_hostaddr(host));
    +	return host_and_ip;
    +#else
     	return (host->name);
    +#endif 

Today, the easiest way to log both the client name and address is to
change the syslog calls in tcpd.c and refuse.c.

Configurable syslog messages and message tags (with %letter expansions)
are one of the items on the tcp wrapper TODO list.

	Wietse

home help back first fref pref prev next nref lref last post