- Re: track rlogin,remsh,rcmd
09-10-2009 11:05 PM
09-11-2009 12:51 AM
Solution
Now inetd will log the source hostname, IP and the service used on every connection.
Read /var/adm/syslog/syslog.log to find out where the connection attempts are coming from and which user account they're using. Then track down the users with this information.
MK
09-11-2009 04:00 AM
Re: track rlogin,remsh,rcmd
it is for which users are doing what
For long list, use:
# whodo -l
09-11-2009 04:03 AM
Re: track rlogin,remsh,rcmd
# whodo -l | grep -i
for more info check the man page
# man whodo
09-11-2009 07:34 AM
Re: track rlogin,remsh,rcmd
Best way to accomplish your goal is to put a message display block in the /etc/profile starting 30 days before you cut off the r-commands. And make sure it is read by asking for the user to hit enter after reading, by putting something like
read dummy
at the end of message echo statements. At the end of the 30 day period, just plain cut them off. They will be forced to comply. First few days after that will be a little harsh on the support team, but slowly, they will resume functioning properly.
HTH
UNIX because I majored in cryptology...
09-11-2009 08:10 AM
Re: track rlogin,remsh,rcmd
Good suggestion of /etc/profile.
But I am looking to help users move off the r* commands, like finding alternative ways of executing scripts/automated processes which use these commands.
My first step is to find out if anyone is using these commands in manual or automated ways. More difficult is to find out where these commands are used in automation.
Any ideas around that, please?
09-11-2009 08:26 AM
Re: track rlogin,remsh,rcmd
> But I am looking to help users move off the r* commands, like finding alternative ways of executing scripts/automated processes which use these commands.
First, I wholly agree with Mel. Advertise the demise of the unsecure r-commands and then cut those off when you say you will.
As for finding their use in automated processes, start by examining the processes listed in the 'crontabs' of any users with them. You could 'grep' for 'rcp', 'remsh', 'rlogin', 'rexec', etc. When found you could advise the user via mail that these methods will be prohibited after some date --- a fix it or it won't work dictum. Of course you need the support of management. Company auditors make excellent "bad-guys" too.
Regards!
...JRF...
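The crontab check suggested above can be scripted. This is an added example, not code from the thread: it assumes one crontab file per user in a spool directory (`/var/spool/cron/crontabs` is used as the default), and the function and variable names are hypothetical. It also follows absolute script paths named in cron entries, which goes one step beyond the plain `grep` in the reply.

```shell
#!/bin/sh
# Added example: report cron entries that depend on r-commands.
# Assumption: one crontab file per user in a spool directory
# (/var/spool/cron/crontabs by default here); pass another path as $1.

RCMDS='rcp|remsh|rlogin|rexec'          # command names listed in the reply
# Whole-word match, so e.g. "scp" or "rcp-tools" is not reported.
WORD="(^|[^[:alnum:]_.-])($RCMDS)([^[:alnum:]_.-]|\$)"

# Print a file without its comment lines.
active_lines() { grep -v '^[[:space:]]*#' "$1"; }

find_rcmd_cron() {
  dir=${1:-/var/spool/cron/crontabs}
  for tab in "$dir"/*; do
    [ -f "$tab" ] || continue
    user=$(basename "$tab")
    # Direct use: the r-command appears in the cron entry itself.
    active_lines "$tab" | grep -E "$WORD" | sed "s|^|$user: direct: |"
    # Indirect use: an absolute path in the entry names a script that uses one.
    active_lines "$tab" | tr ' \t' '\n\n' | grep '^/' | sort -u |
    while read -r script; do
      [ -f "$script" ] || continue
      # Only inspect interpreter scripts, so binaries are not grepped.
      head -n 1 "$script" | grep -q '^#!' || continue
      if active_lines "$script" | grep -Eq "$WORD"; then
        echo "$user: via script: $script"
      fi
    done
  done
}

# Run against a directory given on the command line, if any.
if [ $# -gt 0 ]; then find_rcmd_cron "$1"; fi
```

Scripts without a `#!` first line are skipped by the indirect check, so review those by hand.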
09-11-2009 08:30 AM
Re: track rlogin,remsh,rcmd
Thanks for the valuable suggestion.
I am testing it. An rlogin attempt shows as login/tcp in syslog and a remsh attempt as shell/tcp. I still need to test rcmd, rcp etc.
thanks.
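The inetd connection entries discussed above can be summarised per service and source host. This is an added example, not code from the thread: the log line layout and the sample lines are assumptions constructed for illustration, and the function names are hypothetical. `login/tcp` and `shell/tcp` are the service names reported in the thread; `exec/tcp` is the standard `/etc/services` name for rexec.

```shell
#!/bin/sh
# Added example: count r-service connections per source from inetd
# connection logging.
# Assumption: logged lines look like
#   <date> <host> inetd[<pid>]: <service>/tcp: Connection from <name> (<ip>) at <date>

# Constructed sample lines; on a real host read /var/adm/syslog/syslog.log.
sample_log() {
cat <<'EOF'
Sep 11 08:21:03 hpux01 inetd[1423]: login/tcp: Connection from appsrv1 (10.1.1.20) at Fri Sep 11 08:21:03 2009
Sep 11 08:25:40 hpux01 inetd[1431]: shell/tcp: Connection from batch02 (10.1.1.35) at Fri Sep 11 08:25:40 2009
Sep 11 08:30:00 hpux01 inetd[1440]: telnet/tcp: Connection from desk17 (10.1.2.17) at Fri Sep 11 08:30:00 2009
Sep 11 09:25:41 hpux01 inetd[1502]: shell/tcp: Connection from batch02 (10.1.1.35) at Fri Sep 11 09:25:41 2009
Sep 11 09:40:12 hpux01 inetd[1517]: shell/tcp: Connection from appsrv1 (10.1.1.20) at Fri Sep 11 09:40:12 2009
EOF
}

# Reads syslog lines from the named files (or stdin) and prints
# "<count> <service> <source-name> <source-ip>", busiest first.
summarize_rservices() {
  awk '
    /inetd\[/ && /Connection from/ {
      svc = ""; src = ""; ip = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^(login|shell|exec)\/tcp:$/) svc = $i
        if ($i == "from") { src = $(i + 1); ip = $(i + 2) }
      }
      if (svc == "") next          # other inetd services are not of interest
      sub(/:$/, "", svc); gsub(/[()]/, "", ip)
      count[svc " " src " " ip]++
    }
    END { for (k in count) print count[k], k }
  ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Demonstration on the constructed sample.
sample_log | summarize_rservices
```

On a live system, call `summarize_rservices /var/adm/syslog/syslog.log` and adjust the field handling if the local inetd line layout differs from the assumed one.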
09-11-2009 09:27 AM
Re: track rlogin,remsh,rcmd
Please make a habit of assigning points. People give their valuable time to your problem, so please also take some time to assign points to their work.
If you don't know how to assign points, please see the link below.
http://forums13.itrc.hp.com/service/forums/helptips.do?#33
Suraj
09-15-2009 09:33 PM
Re: track rlogin,remsh,rcmd
Please let me know if you have any suggestions about this problem.
regards.