[995] in linux-security and linux-alert archive


Re: [linux-security] TCP Wrappers Syslogging

daemon@ATHENA.MIT.EDU (Nikita Borisov)
Sat Aug 10 12:09:54 1996

In-reply-to: Your message of "Fri, 09 Aug 1996 01:26:42 EDT."
             <199608090526.BAA01176@musashi.gsgis.K12.VA.US> 
To: Algis Rudys <arudys@musashi.gsgis.K12.VA.US>
cc: linux-security@tarsier.cv.nrao.edu, wietse@wzv.win.tue.nl
Date: Fri, 09 Aug 1996 17:08:32 -0400
From: Nikita Borisov <nborisov@calum.csclub.uwaterloo.ca>

Algis Rudys writes:
>Hi all.
>	I am using TCP Wrappers 7.4 by Wietse Venema. I am trying
>to get the wrappers to log both the Domain name and IP address to 
>Syslog of all Incoming connections (currently only Names are
>logged.). 
>
>	Is this advisable; and if so, is there a patch available
>to indicate to me how I should go about doing this?

There is now. :)  I've added an ALWAYS_IP_ADDR define to the Makefile
that makes the daemon always log the IP address, regardless of whether
the DNS fails.  Here's the patch:

[REW: Nit: The comment on the second added line should read "lookup
succeeds".  The TCP wrappers are already pretty paranoid about
trusting DNS, but having the IP number really can't hurt. Note that
my current setup allows connections from anywhere, so it will also
allow connections from "PARANOID", the special host that corresponds
to someone who is attempting a DNS spoof.]


diff -Nur old/tcp_wrappers_7.4/Makefile tcp_wrappers_7.4/Makefile
--- old/tcp_wrappers_7.4/Makefile	Mon Mar 25 13:22:25 1996
+++ tcp_wrappers_7.4/Makefile	Fri Aug  9 17:03:59 1996
@@ -619,6 +619,10 @@
 #
 # KILL_OPT= -DKILL_IP_OPTIONS
 
+# Optional: Always log the IP address of the host, even if the DNS 
+# lookup fails
+ALWAYS_IP_OPT= -DALWAYS_IP_ADDR
+
 ## End configuration options
 ############################
 
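Review bot: ALWAYS_IP_OPT is assigned live here although its comment calls it "Optional" and the KILL_OPT line directly above it is shipped commented out, so every build picks up the new log format by default. Ship the assignment commented out the same way, so sites whose log processing expects a bare hostname opt in deliberately. The comment text should also say "even if the DNS lookup succeeds": the eval.c change only touches the branch where the hostname is known, and the failure branch already returned the address.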
@@ -628,7 +632,7 @@
 .c.o:;	$(CC) $(CFLAGS) -c $*.c
 
 CFLAGS	= -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
-	$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
+	$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) $(ALWAYS_IP_OPT) \
 	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
 	-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
 	$(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
diff -Nur old/tcp_wrappers_7.4/eval.c tcp_wrappers_7.4/eval.c
--- old/tcp_wrappers_7.4/eval.c	Mon Jan 30 13:51:46 1995
+++ tcp_wrappers_7.4/eval.c	Fri Aug  9 17:03:59 1996
@@ -85,6 +85,9 @@
 struct host_info *host;
 {
     char   *hostname;
+#ifdef ALWAYS_IP_ADDR
+    static char host_and_ip[2 * STRING_LENGTH+2];
+#endif
 
 #ifndef ALWAYS_HOSTNAME				/* no implicit host lookups */
     if (host->name[0] == 0)
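Review bot: the static host_and_ip buffer added at the top of the function changes the lifetime of the returned string, and that deserves a comment. Before, the function returned a pointer into the host structure; with ALWAYS_IP_ADDR it returns a pointer to shared storage that the next call overwrites, so a caller that keeps one result while evaluating a second host will see the first one change. The size 2 * STRING_LENGTH+2 is also only exactly enough for "%s [%s]" (space, two brackets, terminating NUL) if both strings are at most STRING_LENGTH-1 characters; state that assumption next to the declaration, or add a few bytes of slack.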
@@ -92,7 +95,12 @@
 #endif
     hostname = eval_hostname(host);
     if (HOSTNAME_KNOWN(hostname)) {
+#ifdef ALWAYS_IP_ADDR
+	sprintf(host_and_ip, "%s [%s]", host->name, eval_hostaddr(host));
+	return host_and_ip;
+#else
 	return (host->name);
+#endif 
     } else {
 	return (eval_hostaddr(host));
     }
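Review bot: the sprintf into host_and_ip is unbounded, and host->name is a string that comes from a DNS lookup, so it is not under local control. Nothing in this hunk checks the combined length against the 2 * STRING_LENGTH+2 buffer. Bound each field in the format with a precision, for example "%.*s [%.*s]" with STRING_LENGTH-1 for each, so an oversized name or address is truncated rather than written past the end of the static buffer. Minor: the added "#endif " line carries trailing whitespace.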


--
Nikita Borisov - Computer Science/Pure Math at the
University of Waterloo (almost psycho stream).
finger nborisov@calum.csclub.uwaterloo.ca for more info
