
Re: How to keep a log on remote login from normal telephone dialup?

 
Zhang Zhao gui
Frequent Advisor

How to keep a log on remote login from normal telephone dialup?

There is an external modem connected to one of our UNIX servers. Anybody can
dial in at the given number and log in to the system with HyperTerminal. Is
there any way to keep a log on this kind of login? I noticed that
/var/adm/syslog/syslog.log does not log these activities.
Simon Waters_2
Occasional Advisor

Re: How to keep a log on remote login from normal telephone dialup?

I think from your description they are going through the ordinary login
mechanism, rather than using PPP and rlogin?

If so then login can be recorded in the wtmp file. See 'man login' - for
details.

Also check out 'securetty' to prevent root login directly from such a source.


Zhang Zhao gui
Frequent Advisor

Re: How to keep a log on remote login from normal telephone dialup?

I know I can just run the "last" command if I want to check who has ever logged
into the system through a particular modem port, but I wonder how long the data
will be kept. I can see any earlier records like the ones for last week. I found
there is a file /var/adm/acct/nite/owtmp, how do I use this file?
In addition, if I want to find out what commands this particular user has run,
I can just run /usr/lib/acct/acctcom -u "username" to find out the details. But
if the accounting is disabled, is there any other way to do that?
One more question, just out of curiosity: is there any way to prevent a
particular user (root, e.g.) from logging in through a specific modem port
(/dev/ttyd0p7, e.g.)?
David Schronce
New Member

Re: How to keep a log on remote login from normal telephone dialup?

You are right, last | grep ttyd0p7 will show who logged in.

lastb | grep ttyd0p7 will show you who FAILED - also important to watch.

wtmp remains available until you clear it and can grow quite large.

You can save and compress the contents for future reference and clean the file
as noted below.

Create a new ascii file:
who /var/adm/wtmp > wtmp.text
compress wtmp.text

Clear the contents of wtmp:
cat /dev/null > /var/adm/wtmp


I have a file in /etc called modem.acl. In /etc/profile I check to see if the
user is on a modem line and grep for the username on that list. If it's not
there then echo a short message and log them off.
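
The /etc/modem.acl check described in the post above, sketched in POSIX shell as an added example (it is not David Schronce's script or code from the thread). The ACL format (one username per line), the MODEM_TTYS and MODEM_ACL variables, the function names and the syslog tag are assumptions; only /etc/modem.acl, /etc/profile and /dev/ttyd0p7 come from the thread.

```shell
#!/bin/sh
# Added example. Assumptions: the ACL holds one username per line, and
# MODEM_TTYS is a space-separated list of the dial-in ports.
MODEM_TTYS="${MODEM_TTYS:-/dev/ttyd0p7}"
MODEM_ACL="${MODEM_ACL:-/etc/modem.acl}"

# is_modem_tty TTY: succeeds if TTY is one of the dial-in ports.
is_modem_tty() {
    for port in $MODEM_TTYS; do
        [ "$1" = "$port" ] && return 0
    done
    return 1
}

# modem_login_allowed TTY USER [ACL]: 0 = allow, non-zero = deny.
modem_login_allowed() {
    line=$1
    user=$2
    acl=${3:-$MODEM_ACL}
    is_modem_tty "$line" || return 0             # not a dial-in line
    [ -n "$user" ] && [ -r "$acl" ] || return 1  # fail closed
    # -F -x: literal, whole-line match, so "al" does not pass as "alice".
    grep -Fxq -- "$user" "$acl"
}

# modem_gate: the check /etc/profile would run for the current session.
modem_gate() {
    trap '' 2 3                       # ignore INT/QUIT while deciding
    me=$(id -un)
    here=$(tty)
    if modem_login_allowed "$here" "$me"; then
        trap - 2 3
        return 0
    fi
    # Denials go to syslog, so refused dial-in attempts leave a record.
    logger -p auth.notice -t modem.acl "denied user=$me tty=$here"
    echo "Dial-in access is not permitted for this account."
    return 1
}

# In /etc/profile, after defining the functions above:
#   modem_gate || exit 1
```

/etc/profile is read only by sh-family login shells, so accounts whose login shell is csh need an equivalent check in /etc/csh.login.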
Zhang Zhao gui
Frequent Advisor

Re: How to keep a log on remote login from normal telephone dialup?

Good idea! By creating an access list "modem.acl" and inserting a short script
inside /etc/profile, you will be able to control who is allowed to log in
from a specific modem line. But I was wondering how you write this script
to capture who is trying to log in from the modem line (maybe /dev/ttyd0p7).
Just use `whoami` and compare it with "modem.acl" to decide whether this person
is allowed to log in?

One more question: if I run /usr/lib/acct/runacct on a daily basis to
generate the accounting data, the file /var/adm/wtmp will automatically be
trimmed every day and you can only see who has logged in today. In that case,
how can I find out whether anybody logged in two days ago? Even from the file
/var/adm/acct/nite/owtmp you can only see yesterday's log.