Solved

RedHat xinetd log question

Posted on 2002-06-03
Last Modified: 2013-12-16
I have a RH 7.1 setup as a server and it uses xinetd to control many of the network services.

While most of these are disabled, I'd like to have some information about failed attempts to connect to disabled ports.  Is there a logging option to xinetd that will tell me for instance that IP=x.x.x.x attempted to connect to the TELNET port or similar?

Thanks.
0
Question by:jhance
9 Comments
 
LVL 3

Expert Comment

by:DVB
ID: 7053079
If the service is disabled, then you will not have any logs from xinetd at all, since the request never reaches xinetd.
You could instead install portsentry, or write a small firewall script that denies and logs all such attempts.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7054128
Do you really want to be informed about approx. 65000 ports? Then I'd use ipchains/iptables' -j LOG to do it.
Or more complicated: use tcp.wrapper in xinetd with a logging program of your choice.
0
 
LVL 32

Author Comment

by:jhance
ID: 7054155
No, not all 65000 ports.  Only a select few.
0

 
LVL 51

Expert Comment

by:ahoffmann
ID: 7054244
Never tried it, but using tcp.wrapper (or tcpd, or whatever RH has named it) and a home-made prog which checks with netstat -pan for the IP ...

  iptables -A INPUT -p tcp --dport xxx -j LOG --log-prefix "DROP-xxx " 
  iptables -A INPUT -p tcp --dport xxx -j DROP

looks much simpler ;-)
0
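The LOG rule in the answer above writes one kernel log line per matching packet. As an added example (not part of the original thread), the Python below turns such lines into the per-source, per-port summary the question asks for; it assumes the `--log-prefix` has the form "DROP-<port> ", and the sample log lines are constructed (MAC field omitted for brevity).

```python
import re
from collections import Counter

# Constructed sample of syslog lines as written by the iptables LOG target.
# Addresses come from documentation ranges; the hostname "rh71" is made up.
SAMPLE_LOG = """\
Jun  3 14:02:11 rh71 kernel: DROP-23 IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 LEN=60 TOS=0x10 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  3 14:02:14 rh71 kernel: DROP-23 IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 LEN=60 TOS=0x10 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  3 14:05:40 rh71 kernel: DROP-21 IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=901 DF PROTO=TCP SPT=51515 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  3 14:06:02 rh71 kernel: DROP-23 IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=902 PROTO=TCP SPT=51520 DPT=23 WINDOW=0 RES=0x00 ACK RST URGP=0
Jun  3 14:07:00 rh71 sshd[812]: Server listening on 0.0.0.0 port 22.
"""

# Matches the assumed "DROP-<port> " prefix; newer kernels may put a
# "[ 1234.567890] " uptime stamp in front of it, so that part is optional.
LINE_RE = re.compile(r"kernel: (?:\[[\d. ]+\] ?)?DROP-\S+ (.*)$")


def parse_line(line):
    """Return the KEY=value fields of one LOG line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group(1).split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val          # e.g. SRC, DPT, PROTO ("OUT=" gives "")
        else:
            flags.add(tok)             # bare tokens: SYN, ACK, RST, DF, ...
    fields["flags"] = flags
    return fields


def connection_attempts(log_text):
    """Count initial SYN packets per (source IP, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec.get("PROTO") != "TCP":
            continue
        if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            hits[(rec["SRC"], int(rec["DPT"]))] += 1
    return hits


if __name__ == "__main__":
    for (src, dpt), n in sorted(connection_attempts(SAMPLE_LOG).items()):
        print(f"IP={src} attempted to connect to port {dpt}: {n} SYN packet(s)")
```

Because the rule logs packets rather than connections, a client that retransmits its SYN is counted once per retransmission.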
 
LVL 1

Expert Comment

by:smisk
ID: 7075829
snort (http://www.snort.org/) is great at this.  Install it, mess around a bit, and then write some custom rules for it.

The basic format of the rules you will want (the manual can be found at http://www.snort.org/docs/writing_rules/) is as follows:

alert tcp any any -> 10.0.0.5 23 (msg:"Telnet traffic";)

This alerts (where it logs to is configurable) when any host and any port tries to connect to 10.0.0.5 port 23 (telnet).

0
 
LVL 1

Expert Comment

by:BigJoe1008
ID: 7078278
A very simple solution is to install Port Sentry (http://www.psionic.com/products/portsentry.html).  You can set this up to log, alert and/or block on this activity.  If you have a firewall installed (i.e. ipchains, iptables), PortSentry will not see any ports that you have blocked.

--Joe
0
 
LVL 32

Author Comment

by:jhance
ID: 7078852
I haven't given up on this question.  I've just been busy with some other stuff and haven't had time to evaluate these suggestions.

0
 

Expert Comment

by:CleanupPing
ID: 9077004
jhance:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 1

Accepted Solution

by:
drewber earned 100 total points
ID: 9220375
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0


Question has a verified solution.
