HPE Community
Operating System - HP-UX
1752766 Members
5324 Online
108789 Solutions
New Discussion юеВ

Re: track rlogin,remsh,rcmd

 
SOLVED
Go to solution
Pradep
Regular Advisor

тАО09-15-2009 09:37 PM

тАО09-15-2009 09:37 PM

Re: track rlogin,remsh,rcmd

Hi Matti,

inetd -l is tracing the connection source.
but not telling which user initiated it.
how to find the user pls.
0 Kudos
Reply
Suraj K Sankari
Honored Contributor

тАО09-15-2009 09:48 PM

тАО09-15-2009 09:48 PM

Re: track rlogin,remsh,rcmd

Hi,

You can check your syslog.log file

Suraj
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО09-16-2009 05:18 AM

тАО09-16-2009 05:18 AM

Re: track rlogin,remsh,rcmd

"inetd -l" gives you dates & times when someone used rlogin (or any other inetd service).

Run the "last" command to get a list of logins by time & username. When you find a login time that matches the time of the rlogin use (with an accuracy of about +/- 1 second), you'll know the name of the user account that was accessed with rlogin.

If you have assigned personal user accounts to each user, the name of the user account should normally be enough to identify the user.

If you have user accounts that are used by multiple users, you may have to examine the logs of each rlogin client machine to find out who was using them at the time rlogin was used. (And you will also understand by experience why security auditors say that multi-user accounts are a bad thing.)

MK
MK
Reply
Pradep
Regular Advisor

тАО09-16-2009 07:09 AM

тАО09-16-2009 07:09 AM

Re: track rlogin,remsh,rcmd

Thanks, Matti.
Is there a way to find the connections initiated from the server.
inetd -l is showing only the ones coming to the server.
thanks.
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО09-16-2009 07:26 AM

тАО09-16-2009 07:26 AM

Re: track rlogin,remsh,rcmd

unless accounting is turned on the source system (initiating system) there is no traces of what application has been launched on this system. rlogin or remsh are just mere applications. Short of putting wrappers around these executables to log something to some log file, you are pretty much out of luck tracking them.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Pradep
Regular Advisor

тАО09-16-2009 08:49 AM

тАО09-16-2009 08:49 AM

Re: track rlogin,remsh,rcmd

Thank you all.
I close the thread here.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.