1825512 Members
1907 Online
109681 Solutions
New Discussion юеВ

esm and server log down

 
lawrenzo_1
Super Advisor

esm and server log down

Hi,

I have been alerted by a security application ESM and I am not too sure some of the procs stated whether I should remove them from inetd:

how can I determine what nd when used the following protocols:

exec
login

and also I have a snmpdm process alerted, what can i expect to use SNMP from a system point ie service guard maybe?

Thanks

Chris
hello
2 REPLIES 2
lawrenzo_1
Super Advisor

Re: esm and server log down

exec and login have been configured as well as .rhosts for cluster services (i believe) therefore these protocols are required.
hello
VK2COT
Honored Contributor

Re: esm and server log down

Hello,

a) I know ESM. I introduced it to a large
telco last year :)

b) Firstly, enable inetd logging, by adding
'-l' to the start up file. The command 'inetd
-l' will enable logging for a running inetd
process, so no need to stop inetd when making
these changes.

c) Then set up access control list through
/var/adm/inetd.sec.

d) You can even get hold of logdaemon from Wietse site at http://www.porcupine.org/

Logdaemon contains many useful utilities,
however some people have had problems
compiling them with the HP authentication
libraries. Fortunately rexecd is an exception. You can compile it and replace
the standard one that HP-UX ships.

Logdaemon provides much better logging
capabilities. In old times, I used it
for rsh/remsh protocols to capture
the command that was executed from remote
servers :)

Regarding SNMP: do you have any
monitoring (like OpenView, BMC Patrol,
CA Unicentre) on your servers?

Cheers,

VK2COT
VK2COT - Dusan Baljevic