Hi! this does NOT work. You have to uncomment the output lines in the popper code and recompile it. -- i.A. Dipl.-Inf. Boris Klug, boris.klug@ibs-ag.de, http://www.ibs-ag.de/ IBS AG engineering consulting software, The Quality Company Rathausstraße 56, 56203 Höhr-Grenzhausen, Fon: 02624/9180-0, Fax: -200
Hello again! Indeed, the suggested solution does not work! But there has to be a better way than rebuild the popper! Problem is: I couldn't find the output line in the popper source. Could it be that inetd is doing this log, before calling popper??? But I surely son't want to rebuild the inetd! Doesn't anybody else experience this problem that popper is cluttering the /var/log/messages file? There *must* be a way to stop this logging-call. Perhaps by configuring syslogd??? Jürgen
-- "Soap and education are not as sudden as a massacre, but they are more deadly in the long run." - Mark Twain
To clear this up: There are possibly two lines per connection in your syslogs: Aug 27 08:36:32 para popper[10193]: connect from 127.0.0.1 (127.0.0.1) Aug 27 08:37:01 para popper[10193]: Stats: shotdead 1 415 0 0 The first line is from /usr/sbin/tcpd (the tcp wrapper) in /etc/inetd.conf. It's not the popper program's fault - in fact, it doesn't even know that tcpd wrote a log since it was started from him. The second line vanishes if you remove the "-s" from the popper line in /etc/inetd.conf. This works, you find the relevant code in pop_updt.c:86 and pop_log.c. Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Roman Drahtmueller schrieb:
Thanks for the information!!! Anyway, it doesn't solve my problem. The first of these two messages is the one that I want to get rid of! The second doesn't concern me (since I've already deactivated it). So, my question now is modified to: How do I stop *tcpd* from logging when it is used to start popper? Is there a way, or do I have to remove it from /etc/inetd.conf for POP3? Thanks again, Jürgen -- "Soap and education are not as sudden as a massacre, but they are more deadly in the long run." - Mark Twain
I must admit that I'm somewhat worried. :-) I believe that most people (security impaired or not) would agree that it's better to have logs and not to need them instead of needing and not having them.
Is there a way, or do I have to remove it from /etc/inetd.conf for POP3?
Yes. If this is your will... You'd be willing to have no logs of accesses at all, if I understand you correctly.
Thanks again,
Jürgen
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> "Caution: Cape does not | SuSE GmbH - Security enable user to fly." | Nürnberg, Germany (Batman Costume warning label) | - -
Am 01 Sep 2000 schrieb Jürgen Bloß <Juergen.Bloss@basys-gmbh.de>:
try: man 5 hosts_options /logging I have never tried this options, but it looks like you can direct the message to some other log facility. It may depend on your tcpd compile-time options if this works, too (see beginning of the man page). CU -- Stefan Huelswitt | http://home.pages.de/~nathan huels@iname.com | IRC: nathan @ #nrw.de
Hello again! Indeed, the suggested solution does not work! But there has to be a better way than rebuild the popper! Problem is: I couldn't find the output line in the popper source. Could it be that inetd is doing this log, before calling popper??? But I surely son't want to rebuild the inetd! Doesn't anybody else experience this problem that popper is cluttering the /var/log/messages file? There *must* be a way to stop this logging-call. Perhaps by configuring syslogd??? Jürgen
-- "Soap and education are not as sudden as a massacre, but they are more deadly in the long run." - Mark Twain
To clear this up: There are possibly two lines per connection in your syslogs: Aug 27 08:36:32 para popper[10193]: connect from 127.0.0.1 (127.0.0.1) Aug 27 08:37:01 para popper[10193]: Stats: shotdead 1 415 0 0 The first line is from /usr/sbin/tcpd (the tcp wrapper) in /etc/inetd.conf. It's not the popper program's fault - in fact, it doesn't even know that tcpd wrote a log since it was started from him. The second line vanishes if you remove the "-s" from the popper line in /etc/inetd.conf. This works, you find the relevant code in pop_updt.c:86 and pop_log.c. Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Roman Drahtmueller schrieb:
Thanks for the information!!! Anyway, it doesn't solve my problem. The first of these two messages is the one that I want to get rid of! The second doesn't concern me (since I've already deactivated it). So, my question now is modified to: How do I stop *tcpd* from logging when it is used to start popper? Is there a way, or do I have to remove it from /etc/inetd.conf for POP3? Thanks again, Jürgen -- "Soap and education are not as sudden as a massacre, but they are more deadly in the long run." - Mark Twain
I must admit that I'm somewhat worried. :-) I believe that most people (security impaired or not) would agree that it's better to have logs and not to need them instead of needing and not having them.
Is there a way, or do I have to remove it from /etc/inetd.conf for POP3?
Yes. If this is your will... You'd be willing to have no logs of accesses at all, if I understand you correctly.
Thanks again,
Jürgen
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> "Caution: Cape does not | SuSE GmbH - Security enable user to fly." | Nürnberg, Germany (Batman Costume warning label) | - -
Am 01 Sep 2000 schrieb Jürgen Bloß <Juergen.Bloss@basys-gmbh.de>:
try: man 5 hosts_options /logging I have never tried this options, but it looks like you can direct the message to some other log facility. It may depend on your tcpd compile-time options if this works, too (see beginning of the man page). CU -- Stefan Huelswitt | http://home.pages.de/~nathan huels@iname.com | IRC: nathan @ #nrw.de
participants (4)
-
huels@iname.com -
Jürgen Bloß -
Klug, Boris -
Roman Drahtmueller