Ok, let's say I am responsible for an old application that I don't really know the details of, I am trying to secure my server, and someone suggested to forbid the 21 port that is used for FTP.

But I am not sure which programs are running and use FTP on a day to day basis.

Say I don't have the solution to install the tools I want on the server or on the Network.

- Should I cut the 21 port and see what transfers are blocked by the firewall?
- Is there a place on the AIX server where I should go and look to see the list of accessed and accessing servers via this port? If I have the IP of the server(s) and the file names, I will be able to track the program doing it.

So is there a log file for FTP?

a) inetd is active and ftp is in it (thanks I am trying to know incoming and outgoing traffic on this port - with the commands that were performed (if possible).

- What commands have been performed on the local FTP server?
- What commands have been performed by the local FTP client to other servers?

To enable FTP logging on an AIX system, you need to reconfigure FTP (being called by inetd in your case) to send debug logs to syslog and to configure syslog to save those logs to a file.

Edit /etc/nf and add -d to the end of the ftpd line:

    ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd -d

Edit /etc/nf and add a line for bug to save the logs somewhere:

    bug /var/log/ftp.log

Create a file for syslog to write to:

    touch /var/log/ftp.log

Syslog will send any daemon's logs to this file, so you'll want to filter it down with grep, perhaps:

    grep 'daemon:debug ftpd' /var/log/ftp.log

Commands that were sent via FTP will be logged with the string command: here's a sample:

    May 18 10:13:35 ftpserver daemon:debug ftpd: command: USER username-here^M

May 18 10:13:35 ftpserver daemon:debug ftpd: > /etc/nf

Add a rule to allow and log traffic destined for port 21:

    # -v 4 = IPv4
    # -s, -m, -d, -M = source/dest IP & mask (any)
    # -r L = applies only to packets destined or originated from the local host
    # -w O = outbound connections; change this to "B" to log in both directions

Wait for outbound FTP connections to occur, then:

    grep ipsec_logd /var/log/ipsec.log | grep DP:21

You'll see source and destination IPs for outbound FTP connections along with the timestamps, such as:

    May 18 11:29:40 localhost local4:info ipsec_logd: #:0 R:p O:10.1.1.1 S:10.1.1.1 D:10.2.2.2 P:tcp SP:55091 DP:21 R:l I:en0 F:n T:0 L:0

It doesn't log the content (commands) of the FTP session, but you'll have timestamps and destinations.

I use pxelinux to display a menu containing startup and installation options for Windows, an Ubuntu network installer, and the Linux Mint 17 MATE live CD. I have a TFTP/DHCP/NFS/SMB server (Ubuntu server 12.04 LTS) on 192.168.26.1.

Make sure your xinetd.d/tftpd has -c -v -s /tftpboot in the server args line. Make sure that the directory tftp will be writing to has 777 permissions. Do a tftp localhost and try to put a file in the directory. Touch a file in the directory, chmod 666 it, and then via tftp localhost, try and overwrite the file.
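
To turn the ipsec_logd lines shown above into the list of FTP destinations the question asks for, using only sh and awk already on the host, here is an added example (not part of the original post). The function names and the extra log lines are constructed, and the field meanings (D: destination IP, DP: destination port) are read off the page's sample line.

```shell
#!/bin/sh
# Added example, not from the original page. Field meanings (D: = destination
# IP, DP: = destination port) are read off the sample ipsec_logd line above.

# Constructed sample log: the page's line plus made-up variations.
sample_log() {
    cat <<'EOF'
May 18 11:29:40 localhost local4:info ipsec_logd: #:0 R:p O:10.1.1.1 S:10.1.1.1 D:10.2.2.2 P:tcp SP:55091 DP:21 R:l I:en0 F:n T:0 L:0
May 18 11:31:02 localhost local4:info ipsec_logd: #:0 R:p O:10.1.1.1 S:10.1.1.1 D:10.2.2.3 P:tcp SP:55102 DP:21 R:l I:en0 F:n T:0 L:0
May 18 11:40:17 localhost local4:info ipsec_logd: #:0 R:p O:10.1.1.1 S:10.1.1.1 D:10.2.2.9 P:tcp SP:21 DP:2121 R:l I:en0 F:n T:0 L:0
May 18 11:45:10 localhost local4:info ipsec_logd: #:0 R:p O:10.1.1.1 S:10.1.1.1 D:10.2.2.2 P:tcp SP:55230 DP:21 R:l I:en0 F:n T:0 L:0
May 18 11:46:00 localhost daemon:debug ftpd: command: USER username-here
EOF
}

# Reads syslog lines on stdin; prints one line per FTP destination in order of
# first appearance: <dest> count=<n> first="<ts>" last="<ts>"
summarize_ftp_dests() {
    awk '
    /ipsec_logd:/ {
        dst = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            # Compare whole tokens: a plain "grep DP:21" also matches DP:2121.
            if ($i ~ /^D:/)  dst   = substr($i, 3)
            if ($i ~ /^DP:/) dport = substr($i, 4)
        }
        if (dport != "21" || dst == "") next
        ts = $1 " " $2 " " $3
        if (!(dst in count)) { first[dst] = ts; order[++n] = dst }
        count[dst]++
        last[dst] = ts
    }
    END {
        for (k = 1; k <= n; k++) {
            d = order[k]
            printf "%s count=%d first=\"%s\" last=\"%s\"\n", d, count[d], first[d], last[d]
        }
    }'
}

# Demo on the constructed sample; on a real host feed it /var/log/ipsec.log.
sample_log | summarize_ftp_dests
```

The per-destination first and last timestamps can then be lined up against cron schedules or application job times to find the program opening each connection.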