Hi! this does NOT work. You have to uncomment the output lines in the popper code and recompile it. -- i.A. Dipl.-Inf. Boris Klug, boris.klug@ibs-ag.de, http://www.ibs-ag.de/ IBS AG engineering consulting software, The Quality Company Rathausstraße 56, 56203 Höhr-Grenzhausen, Fon: 02624/9180-0, Fax: -200
-----Ursprüngliche Nachricht----- Von: Roman Drahtmueller [mailto:draht@suse.de] Gesendet: Montag, 21. August 2000 14:30 An: Jürgen Bloß Cc: suse-security@suse.com Betreff: Re: [suse-security] Popper verbosity
Hi.
How can I stop the popper from logging every user access, even when the user did only check to see if there were any new mails. This seems hardly the kind of information that needs to be logged every time...
Bye,
Jürgen
According to the manpage, just remove the "-s" from the line in /etc/inetd.conf and restart/hangup inetd.
Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hello again! Indeed, the suggested solution does not work! But there has to be a better way than rebuild the popper! Problem is: I couldn't find the output line in the popper source. Could it be that inetd is doing this log, before calling popper??? But I surely son't want to rebuild the inetd! Doesn't anybody else experience this problem that popper is cluttering the /var/log/messages file? There *must* be a way to stop this logging-call. Perhaps by configuring syslogd??? Jürgen
Hi!
this does NOT work. You have to uncomment the output lines in the popper code and recompile it.
Hi.
How can I stop the popper from logging every user access, even when the user did only check to see if there were any new mails. This seems
hardly the kind of information that needs to be logged every time...
Bye,
Jürgen
According to the manpage, just remove the "-s" from the line in /etc/inetd.conf and restart/hangup inetd.
-- "Soap and education are not as sudden as a massacre, but they are more deadly in the long run." - Mark Twain
Hello again!
Indeed, the suggested solution does not work! But there has to be a better way than rebuild the popper! Problem is: I couldn't find the output line in the popper source. Could it be that inetd is doing this log, before calling popper??? But I surely son't want to rebuild the inetd!
Doesn't anybody else experience this problem that popper is cluttering the /var/log/messages file?
There *must* be a way to stop this logging-call. Perhaps by configuring syslogd???
Jürgen
To clear this up: There are possibly two lines per connection in your syslogs: Aug 27 08:36:32 para popper[10193]: connect from 127.0.0.1 (127.0.0.1) Aug 27 08:37:01 para popper[10193]: Stats: shotdead 1 415 0 0 The first line is from /usr/sbin/tcpd (the tcp wrapper) in /etc/inetd.conf. It's not the popper program's fault - in fact, it doesn't even know that tcpd wrote a log since it was started from him. The second line vanishes if you remove the "-s" from the popper line in /etc/inetd.conf. This works, you find the relevant code in pop_updt.c:86 and pop_log.c. Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Roman Drahtmueller schrieb:
Hello again!
Indeed, the suggested solution does not work! But there has to be a better way than rebuild the popper! Problem is: I couldn't find the output line in the popper source. Could it be that inetd is doing this log, before calling popper??? But I surely son't want to rebuild the inetd!
Doesn't anybody else experience this problem that popper is cluttering the /var/log/messages file?
There *must* be a way to stop this logging-call. Perhaps by configuring syslogd???
Jürgen
To clear this up:
There are possibly two lines per connection in your syslogs:
Aug 27 08:36:32 para popper[10193]: connect from 127.0.0.1 (127.0.0.1) Aug 27 08:37:01 para popper[10193]: Stats: shotdead 1 415 0 0
The first line is from /usr/sbin/tcpd (the tcp wrapper) in /etc/inetd.conf. It's not the popper program's fault - in fact, it doesn't even know that tcpd wrote a log since it was started from him.
The second line vanishes if you remove the "-s" from the popper line in /etc/inetd.conf. This works, you find the relevant code in pop_updt.c:86 and pop_log.c.
Thanks for the information!!! Anyway, it doesn't solve my problem. The first of these two messages is the one that I want to get rid of! The second doesn't concern me (since I've already deactivated it). So, my question now is modified to: How do I stop *tcpd* from logging when it is used to start popper? Is there a way, or do I have to remove it from /etc/inetd.conf for POP3? Thanks again, Jürgen -- "Soap and education are not as sudden as a massacre, but they are more deadly in the long run." - Mark Twain
Thanks for the information!!! Anyway, it doesn't solve my problem. The first of these two messages is the one that I want to get rid of! The second doesn't concern me (since I've already deactivated it).
So, my question now is modified to: How do I stop *tcpd* from logging when it is used to start popper?
I must admit that I'm somewhat worried. :-) I believe that most people (security impaired or not) would agree that it's better to have logs and not to need them instead of needing and not having them.
Is there a way, or do I have to remove it from /etc/inetd.conf for POP3?
Yes. If this is your will... You'd be willing to have no logs of accesses at all, if I understand you correctly.
Thanks again,
Jürgen
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> "Caution: Cape does not | SuSE GmbH - Security enable user to fly." | Nürnberg, Germany (Batman Costume warning label) | - -
Am 01 Sep 2000 schrieb Jürgen Bloß <Juergen.Bloss@basys-gmbh.de>:
There are possibly two lines per connection in your syslogs:
Aug 27 08:36:32 para popper[10193]: connect from 127.0.0.1 (127.0.0.1) Aug 27 08:37:01 para popper[10193]: Stats: shotdead 1 415 0 0
The first line is from /usr/sbin/tcpd (the tcp wrapper) in /etc/inetd.conf. It's not the popper program's fault - in fact, it doesn't even know that tcpd wrote a log since it was started from him.
The second line vanishes if you remove the "-s" from the popper line in /etc/inetd.conf. This works, you find the relevant code in pop_updt.c:86 and pop_log.c.
Thanks for the information!!! Anyway, it doesn't solve my problem. The first of these two messages is the one that I want to get rid of! The second doesn't concern me (since I've already deactivated it).
So, my question now is modified to: How do I stop *tcpd* from logging when it is used to start popper? Is there a way, or do I have to remove it from /etc/inetd.conf for POP3?
try: man 5 hosts_options /logging I have never tried this options, but it looks like you can direct the message to some other log facility. It may depend on your tcpd compile-time options if this works, too (see beginning of the man page). CU -- Stefan Huelswitt | http://home.pages.de/~nathan huels@iname.com | IRC: nathan @ #nrw.de
participants (4)
-
huels@iname.com -
Jürgen Bloß -
Klug, Boris -
Roman Drahtmueller