Read more
- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - HP-UX
- >
- System Administration
- >
- track rlogin,remsh,rcmd
-
-
Categories
- Topics
- Hybrid IT with Cloud
- Mobile & IoT
- IT for Data & Analytics
- Transformation
- Strategy and Technology
- Products
- Cloud
- Integrated Systems
- Networking
- Servers and Operating Systems
- Services
- Storage
- Company
- Events
- Partner Solutions and Certifications
- Welcome
- Welcome
- Announcements
- Tips and Tricks
- Feedback
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- Converged Data Center Infrastructure
- Digital Transformation
- Grounded in the Cloud
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- Networking
- OEM Solutions
- Servers: The Right Compute
- Telecom IQ
- Transforming IT
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Categories
-
Forums
-
Blogs
-
InformationEnglish
track rlogin,remsh,rcmd
SOLVED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-10-2009 11:05 PM
09-10-2009 11:05 PM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2009 12:51 AM
09-11-2009 12:51 AM
SolutionNow inetd will log the source hostname, IP and the service used on every connection.
Read /var/adm/syslog/syslog.log to find out where the connection attempts are coming from and which user account they're using. Then track down the users with this information.
MK
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2009 04:00 AM
09-11-2009 04:00 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
it is for which users are doing what
For long list, use:
# whodo -l
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2009 04:03 AM
09-11-2009 04:03 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
# whodo -l | grep -i
for more info check the man page
# man whodo
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2009 07:34 AM
09-11-2009 07:34 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
Best way to accomplish your goal is to put a message display block in the /etc/profile starting 30 days before you cut off the r-commands. And make sure it is read by asking for the user to hit enter after reading, by putting something like
read dummy
at the end of message echo statements. At the end of the 30 day period, just plain cut them off. They will be forced to comply. First few days after that will be a little harsh on the support team, but slowly, they will resume functioning properly.
HTH
UNIX because I majored in cryptology...
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2009 08:10 AM
09-11-2009 08:10 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
good suggestion of /etc/profile.
But i am looking for helping users moving out of r* commands. like finding alternative ways for executing scripts/ automated processed which use these commands.
my first step is to find out if anyone is using these commands in manual or automated ways. more difficult is to find out where these cmd used in automation.
any ideas around that pls ?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2009 08:26 AM
09-11-2009 08:26 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
> But i am looking for helping users moving out of r* commands. like finding alternative ways for executing scripts/ automated processed which use these commands.
First, I wholly agree with Mel. Advertise the demise of the unsecure r-commands and then cut those off when you say you will.
As for finding their use in automated processes, start by examining the processes listed in the 'crontabs' of any users with them. You could 'grep' for 'rcp', 'remsh', 'rlogin', 'rexec', etc. When found you could advise the user via mail that these methods will be prohibited after some date --- a fix it or it won't work dictum. Of course you need the support of management. Company auditors make excellent "bad-guys" too.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2009 08:30 AM
09-11-2009 08:30 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
thanks for the valuable suggestion.
I am testing it. rlogin attempt shows as login/tcp in syslog and remsh attempt as shell/tcp. still need to test rcmd,rcp etc.
thanks.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2009 09:27 AM
09-11-2009 09:27 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
Please make a habit to assign points, people who give there valuable time to your problem you also take some time to assign points to there work.
If you donâ t know how to assign please see this below link.
http://forums13.itrc.hp.com/service/forums/helptips.do?#33
Suraj
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-15-2009 09:33 PM
09-15-2009 09:33 PM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
Please let me know if you have any suggestions about this problem.
regards.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-15-2009 09:37 PM
09-15-2009 09:37 PM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
inetd -l is tracing the connection source.
but not telling which user initiated it.
how to find the user pls.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-15-2009 09:48 PM
09-15-2009 09:48 PM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
You can check your syslog.log file
Suraj
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-16-2009 05:18 AM
09-16-2009 05:18 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
Run the "last" command to get a list of logins by time & username. When you find a login time that matches the time of the rlogin use (with an accuracy of about +/- 1 second), you'll know the name of the user account that was accessed with rlogin.
If you have assigned personal user accounts to each user, the name of the user account should normally be enough to identify the user.
If you have user accounts that are used by multiple users, you may have to examine the logs of each rlogin client machine to find out who was using them at the time rlogin was used. (And you will also understand by experience why security auditors say that multi-user accounts are a bad thing.)
MK
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-16-2009 07:09 AM
09-16-2009 07:09 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
Is there a way to find the connections initiated from the server.
inetd -l is showing only the ones coming to the server.
thanks.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-16-2009 07:26 AM
09-16-2009 07:26 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
UNIX because I majored in cryptology...
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-16-2009 08:49 AM
09-16-2009 08:49 AM
Re: track rlogin,remsh,rcmd
Re: track rlogin,remsh,rcmd
I close the thread here.
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2018 Hewlett Packard Enterprise Development LP