See also Bugzilla 27089 ... commenting out and restarting the xinetd error logging dies NOT stop the message service pop3 { disable = no socket_type = stream wait = no user = root server = /usr/sbin/ipop3d log_on_success += USERID ## log_on_failure += USERID } ----------------------------------- The reporting host is a stock RH 7.1 server, wiht all updates applied. The source hosts are behind another RH 7.1, running iptables DNATting and are various Windows hosts. NO ident information would be forthcoming. Still getting: Jun 29 22:06:40 compaq2 xinetd[4117]: Bad line received from identity server at 10.11.9.71: 1643 Jun 29 22:06:47 compaq2 xinetd[4118]: Bad line received from identity server at 10.11.9.71: 1603 Jun 29 22:06:49 compaq2 xinetd[4119]: Bad line received from identity server at 10.11.9.71: 1604 (IP information modified for confidentiality of client site)
Does it help to uncomment the other line mentioning the userid as well? Are all other services, so you know the requests aren't coming from them?
Hi, Teg, Actually, I had COMMENTED OUT the error related message. The messages continued. At the time of the report, ONLY ipop3 was enabled -- I later enabled ftpd-BSD, and it is reporting as expected. Commenting BOTH out stops the messages ... But this seems to be the wrong solution. (More below the snippage) [root@compaq2 xinetd.d]# joe ipop3 Processing '/etc/joe/joerc'...done [root@compaq2 xinetd.d]# rm *~ rm: remove `ipop3~'? y [root@compaq2 xinetd.d]# service xinetd stop Stopping xinetd: [ OK ] [root@compaq2 xinetd.d]# ps ax | grep pop [root@compaq2 xinetd.d]# service xinetd start Starting xinetd: [ OK ] [root@compaq2 xinetd.d]# sleep 60 ; tail -40 /var/log/messages <snip> Jul 2 20:25:30 compaq2 xinetd[2521]: Bad line received from identity server at 10.11.9.71: 3171 Jul 2 20:25:40 compaq2 xinetd[2159]: Exiting... Jul 2 20:25:40 compaq2 xinetd: xinetd shutdown succeeded <snip> Jul 2 20:25:53 compaq2 xinetd[2549]: xinetd Version 2.1.8.9pre16 started with libwrap options compiled in. Jul 2 20:25:53 compaq2 xinetd[2549]: Started working: 2 available services Jul 2 20:25:56 compaq2 xinetd: xinetd startup succeeded [root@compaq2 xinetd.d]# sleep 360 ; tail -10 /var/log/messages Jul 2 20:25:53 compaq2 xinetd[2549]: pop3s disabled, removing <snip> Jul 2 20:25:53 compaq2 xinetd[2549]: time disabled, removing Jul 2 20:25:53 compaq2 xinetd[2549]: xinetd Version 2.1.8.9pre16 started with libwrap options compiled in. Jul 2 20:25:53 compaq2 xinetd[2549]: Started working: 2 available services Jul 2 20:25:56 compaq2 xinetd: xinetd startup succeeded [root@compaq2 xinetd.d]# cat ipop3 # default: off # description: The POP3 service allows remote users to access their mail \ # using an POP3 client such as Netscape Communicator, mutt, \ # or fetchmail. service pop3 { disable = no socket_type = stream wait = no user = root server = /usr/sbin/ipop3d ## log_on_success += USERID ## log_on_failure += USERID } [root@compaq2 xinetd.d]# --------------------------------- Then I uncommented :log_on_failure: -- and NO messages appeared ... So maybe there is some logic inversion in the error/success test. - R
It obtains the information before the service does access control... this way, you can't avoid the request by terminating the connection when authentication fails.