Re: Errors in messages file - Mailing list pgsql-admin

From Nigel J. Andrews
Subject Re: Errors in messages file
Date
Msg-id Pine.LNX.4.21.0210241436280.6246-100000@ponder.fairway2k.co.uk
In response to Errors in messages file  (Patrick Meylemans <Patrick.Meylemans@wtcm.be>)
List pgsql-admin
On Thu, 24 Oct 2002, Patrick Meylemans wrote:

> Dear,
>
> I'm receiving the following messages in the /var/log/message file :
>
> -> logger: verify_password: user 'Admin' not found in password file.
>
> We are running on RedHat7.0
> Postgresql7.1.3
>
> How can I trace the IP address of the client trying to connect as Admin to
> our database ?

Looks more like a system log message than a postgres one. Simple answer to the
question whether it is or isn't is to just fire up tcpdump with something like:

tcpdump -i <external interface> port 5432 or port 23 or port 21 or port 69 or port 513 ...

including as many port numbers as you think are at risk or likely to be probed.

Of course this is a very simplistic approach and you probably need to run a
security audit which should lead to you stopping even those attempts generating
log messages on the target system.

(Also I like xinetd instead of the plain inetd)


--
Nigel J. Andrews
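
Added example, not part of the original message: a shell function that reads `tcpdump -nn` text output and counts inbound TCP connection attempts (initial SYNs) per destination port and source address, which answers the "which client IP" question once the capture suggested above is running. The function name, the sample lines and `capture.pcap` are constructed for illustration; it handles IPv4 TCP only, so UDP services such as port 69 are not counted.

```shell
#!/bin/sh
# Summarise inbound connection attempts from `tcpdump -nn` text output (IPv4/TCP).
# Reads lines on stdin, prints "dst_port src_ip attempts", busiest first.
# Typical use (capture.pcap is a hypothetical file name):
#   tcpdump -nn -r capture.pcap 'port 5432 or port 23' | syn_sources
syn_sources() {
    awk '
    # Only initial SYNs: "Flags [S]," (a SYN-ACK reply is "[S.]" and is skipped)
    $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
        src = $3; dst = $5
        sub(/:$/, "", dst)              # drop trailing colon on destination
        n = split(src, s, ".")          # a.b.c.d.port gives 5 parts
        m = split(dst, d, ".")
        if (n != 5 || m != 5) next      # not IPv4 addr.port, ignore
        ip = s[1] "." s[2] "." s[3] "." s[4]
        count[d[5] " " ip]++            # key: destination port + source IP
    }
    END { for (k in count) print k, count[k] }
    ' | sort -k3,3nr -k1,1n -k2,2
}

# Constructed sample lines in tcpdump -nn format (documentation address ranges).
SAMPLE='14:36:28.100001 IP 203.0.113.7.51234 > 192.0.2.10.5432: Flags [S], seq 1001, win 29200, length 0
14:36:28.100090 IP 192.0.2.10.5432 > 203.0.113.7.51234: Flags [S.], seq 2001, ack 1002, win 28960, length 0
14:36:29.200001 IP 203.0.113.7.51240 > 192.0.2.10.5432: Flags [S], seq 1101, win 29200, length 0
14:36:30.300001 IP 198.51.100.23.40022 > 192.0.2.10.23: Flags [S], seq 3001, win 1024, length 0
14:36:31.400001 IP 203.0.113.7.51234 > 192.0.2.10.5432: Flags [P.], seq 1002:1010, ack 2002, win 229, length 8'

printf '%s\n' "$SAMPLE" | syn_sources
```

Matching the timestamps of the reported attempts against the time of the log message shows whether the message comes from the database port or from another service.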

