From doug@dt051n0b.san.rr.com  Sun Feb 27 01:22:38 2000
Return-Path: <doug@dt051n0b.san.rr.com>
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11])
	by hub.freebsd.org (Postfix) with ESMTP id D2C7837B5DD
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 Feb 2000 01:22:35 -0800 (PST)
	(envelope-from doug@dt051n0b.san.rr.com)
Received: (from doug@localhost)
	by dt051n0b.san.rr.com (8.9.3/8.9.3) id BAA18744;
	Sun, 27 Feb 2000 01:22:34 -0800 (PST)
	(envelope-from doug)
Message-Id: <200002270922.BAA18744@dt051n0b.san.rr.com>
Date: Sun, 27 Feb 2000 01:22:34 -0800 (PST)
From: Doug@gorean.org
Sender: doug@dt051n0b.san.rr.com
Reply-To: Doug@gorean.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] [SMALL] Clarify inetd's logging behavior
X-Send-Pr-Version: 3.2

>Number:         17017
>Category:       bin
>Synopsis:       [PATCH] [SMALL] Clarify inetd's logging behavior
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    sheldonh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 27 01:30:02 PST 2000
>Closed-Date:    Wed Mar 1 00:28:22 PST 2000
>Last-Modified:  Wed Mar  1 11:20:01 PST 2000
>Originator:     Doug
>Release:        FreeBSD 3.4-STABLE-0219 i386
>Organization:
AAAG
>Environment:

	FreeBSD systems with the builtin libwrap

>Description:

	The inetd.8 man page is not clear about how, where, and
under what circumstances connections and attempts are logged.
This patch clarifies it.

>How-To-Repeat:

	man inetd

>Fix:
	
	Apply the following patch. This patch applies to both
-Current and -Stable, in both the CVS and reality. :)


Index: inetd.8
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/inetd/inetd.8,v
retrieving revision 1.44
diff -u -r1.44 inetd.8
--- inetd.8	2000/01/28 10:21:19	1.44
+++ inetd.8	2000/02/27 09:15:08
@@ -505,10 +505,19 @@
 .Pp
 When given the
 .Fl l
-option
+option, and in the absence of the
+.Fl -w
+and
+.Fl -W
+options,
 .Nm
 will log an entry to syslog each time a connection is accepted, noting the
 service selected and the IP-number of the remote requestor if available.
+Unless otherwise specified in the configuration file
+.Nm
+will log to the
+.Dq daemon
+facility.
 .Pp
 The
 .Nm
@@ -539,12 +548,9 @@
 .Dq internal
 services will be wrapped. If both options are given, wrapping for both
 internal and external services will be enabled.
-.Pp
-If the
-.Fl l
-option is specified, all connection attempts are logged, whether they are
-allowed, denied or not wrapped at all. Otherwise, only denied requests will
-be logged.
+Either wrapping option will cause all connections to be logged to the
+.Dq auth
+syslog facility.
 .Pp
 Note that
 .Nm


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->sheldonh 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Tue Feb 29 09:29:09 PST 2000 
Responsible-Changed-Why:  
I'll take this one. 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Doug@gorean.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17017: [PATCH] [SMALL] Clarify inetd's logging behavior 
Date: Tue, 29 Feb 2000 19:33:41 +0200

 On Sun, 27 Feb 2000 01:22:34 PST, Doug@gorean.org wrote:
 
 > +Either wrapping option will cause all connections to be logged to the
 > +.Dq auth
 > +syslog facility.
 
 All connections?  Are you sure?  I use -wW and I only get _refuseds
 connections logged via syslog(3).
 
 Ciao,
 Sheldon.
 

From: Doug Barton <Doug@gorean.org>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17017: [PATCH] [SMALL] Clarify inetd's logging behavior
Date: Tue, 29 Feb 2000 22:01:21 -0800

 Sheldon Hearn wrote:
 > 
 > On Sun, 27 Feb 2000 01:22:34 PST, Doug@gorean.org wrote:
 > 
 > > +Either wrapping option will cause all connections to be logged to the
 > > +.Dq auth
 > > +syslog facility.
 > 
 > All connections?  Are you sure?  I use -wW and I only get _refuseds
 > connections logged via syslog(3).
 
 	Hrrmm.. good point. I have always used the -l so I just added the -wW.
 With -lwW successful and unsucessful logins are both logged to auth. I
 think the change from daemon to auth for -l is what threw me, and makes
 it that much more worth documenting. 
 
 Good catch,
 
 Doug
 -- 
 "Welcome to the desert of the real." 
 
     - Laurence Fishburne as Morpheus, "The Matrix"
 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Doug Barton <Doug@gorean.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17017: [PATCH] [SMALL] Clarify inetd's logging behavior 
Date: Wed, 01 Mar 2000 09:27:12 +0200

 On Tue, 29 Feb 2000 22:01:21 PST, Doug Barton wrote:
 
 > With -lwW successful and unsucessful logins are both logged to auth. I
 > think the change from daemon to auth for -l is what threw me, and makes
 > it that much more worth documenting. 
 
 So, um... care to reword?  I must admit that I'm not really seeing any
 inaccuracy in the manual page, just a lack of detail.  Am I right in
 thinking that it's only the lack of detail you're trying to address?
 
 Ciao,
 Sheldon.
 

From: Doug Barton <Doug@gorean.org>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17017: [PATCH] [SMALL] Clarify inetd's logging behavior
Date: Wed, 01 Mar 2000 00:02:53 -0800

 This is a multi-part message in MIME format.
 --------------C26C084BA4D007F4C8082275
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 
 Sheldon Hearn wrote:
 > 
 > On Tue, 29 Feb 2000 22:01:21 PST, Doug Barton wrote:
 > 
 > > With -lwW successful and unsucessful logins are both logged to auth. I
 > > think the change from daemon to auth for -l is what threw me, and makes
 > > it that much more worth documenting.
 > 
 > So, um... care to reword?  I must admit that I'm not really seeing any
 > inaccuracy in the manual page, just a lack of detail.  Am I right in
 > thinking that it's only the lack of detail you're trying to address?
 
 	Yes, exactly. People who are seriously interested in getting the logs
 regularly (couple times a month) send the "I enabled -l for inetd but it
 doesn't log" questions to the mailing list. I shudder to think how many
 just give up. 
 
 	Attached is a diff to the latest.
 
 Thanks,
 
 Doug
 -- 
 "Welcome to the desert of the real." 
 
     - Laurence Fishburne as Morpheus, "The Matrix"
 --------------C26C084BA4D007F4C8082275
 Content-Type: text/plain; charset=us-ascii;
  name="inetd.8.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="inetd.8.diff"
 
 Index: inetd.8
 ===================================================================
 RCS file: /usr/ncvs/src/usr.sbin/inetd/inetd.8,v
 retrieving revision 1.45
 diff -u -r1.45 inetd.8
 --- inetd.8	2000/02/29 17:36:44	1.45
 +++ inetd.8	2000/03/01 08:00:43
 @@ -79,7 +79,7 @@
  .It Fl d
  Turn on debugging.
  .It Fl l
 -Turn on logging.
 +Turn on logging of successful connections.
  .It Fl w
  Turn on TCP Wrapping for external services.
  See the
 @@ -517,6 +517,15 @@
  .Nm
  will log an entry to syslog each time a connection is accepted, noting the
  service selected and the IP-number of the remote requestor if available.
 +Unless otherwise specified in the configuration file, and in the absence of the
 +.Fl W
 +and
 +.Fl w
 +options
 +.Nm
 +will log to the
 +.Dq daemon
 +facility.
  .Pp
  The
  .Nm
 @@ -549,13 +558,14 @@
  services will be wrapped.
  If both options are given, wrapping for both
  internal and external services will be enabled.
 -.Pp
 -If the
 +Either wrapping option will cause failed connections to be logged to the
 +.Dq auth
 +syslog facility. Adding the
  .Fl l
 -option is specified, all connection attempts are logged, whether they are
 -allowed, denied or not wrapped at all.
 -Otherwise, only denied requests will
 -be logged.
 +flag to the wrapping options will include successful connections in the
 +logging to the
 +.Dq auth
 +facility.
  .Pp
  Note that
  .Nm
 
 --------------C26C084BA4D007F4C8082275--
 
 
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Wed Mar 1 00:28:22 PST 2000 
State-Changed-Why:  
Committed and merged to stable, thanks! 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Doug Barton <Doug@gorean.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17017: [PATCH] [SMALL] Clarify inetd's logging behavior 
Date: Wed, 01 Mar 2000 10:27:42 +0200

 On Wed, 01 Mar 2000 00:02:53 PST, Doug Barton wrote:
 
 > 	Attached is a diff to the latest.
 
 Thanks!  I've committed a slightly mangled version of your patch.
 Please take a look at it, because you are quite involved in contributing
 to the project and you may as well see what was "wrong" with your diff
 now. :-)
 
 Basically, your patch broke two rules of thumb:
 
 1) Lines should be short enough such that typical mailers would not wrap
    them (i.e. <= 72 characters).  When a sentence is too long to fit on
    a single line, try to break it on sentence fragments, particularly
    immediately following punctuation.
 
    This makes diffs easier to review later.
 
 2) Sentences should start on a new line.
 
    The whitespace that separates a sentence from the preceding sentence on
    the same line is called a hard sentence break and tends to degrade
    the spacing in typeset versions of the document.  Hard sentence
    breaks also tend to make for bigger diffs later.
 
    Generally, it is acceptable to leave alone hard sentence breaks
    consisting of exactly two spaces alone in existing documents.  These
    should be left as is in patches that do not directly touch the
    adjacent sentences.
 
 I'm really hoping that someone will stick this _somewhere_ in the
 guidelines for contributions.  I'm just not sure _where_ exactly it
 should go.
 
 Ciao,
 Sheldon.
 

From: Chris Costello <chris@calldei.com>
To: Doug@gorean.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17017: [PATCH] [SMALL] Clarify inetd's logging behavior
Date: Wed, 1 Mar 2000 13:20:06 -0600

 On Sunday, February 27, 2000, Doug@gorean.org wrote:
 > >Category:       bin
 
 > Index: inetd.8
 > ===================================================================
 
    For future reference, the proper catagory for these reports is
 `doc'.
 
 -- 
 |Chris Costello <chris@calldei.com>
 |**FLASH** Energizer Bunny arrested, charged with battery. 
 `----------------------------------------------------------
 
>Unformatted:
