Operating System - HP-UX

How to log telnet activity. (User used, maybe even commands.)

 
Daniel Simard
Frequent Advisor

How to log telnet activity. (User used, maybe even commands.)

Hi,
I was wondering if you can tell me how I can log telnet connections coming in to my box. For example, if user1 connects, I'd like to know that user1 connected and not just that there was a telnet connection (in syslog.log).

All help is much appreciated!

BTW, I'm using HP-UX 11.11 (not that it should matter).
If you don't have what you love, love what you have.
Massimo Bianchi
Honored Contributor
Solution

Re: How to log telnet activity. (User used, maybe even commands.)

Hi,
there are many other threads with this issue.

If you search for telnet and login you will find much more advice.

In short:

- use "last" and "last -b" command to see last login attempts

- look in syslog.log for connections

- if you need deep tracking, there is free software from HP, IDS (Intrusion Detection System); you can find it on the application CD.

Massimo

Michael Steele_2
Honored Contributor

Re: How to log telnet activity. (User used, maybe even commands.)

Use '/usr/sbin/inetd -l/b' to toggle on and off. Set perm. in inetd.conf.
Support Fatherhood - Stop Family Law
James R. Ferguson
Acclaimed Contributor

Re: How to log telnet activity. (User used, maybe even commands.)

Hi Daniel:

Actually, if you log logins in '/var/adm/wtmp' you can track this.

If '/var/adm/wtmp' isn't present, touch it to create it. Set the permissions to 644 owned by root. When present, to analyze, use:

# last -R

...or:

# last -R username

See the 'last' man pages for more information.

Regards!

...JRF...
Massimo Bianchi
Honored Contributor

Re: How to log telnet activity. (User used, maybe even commands.)

Bill Douglass
Esteemed Contributor

Re: How to log telnet activity. (User used, maybe even commands.)

Set START_ACCT to 1 in

/etc/rc.config.d/acct

and then run

/sbin/init.d/acct start

This will enable a wealth of accounting statistics, including connect time, command usage and disk usage.

man 1m acct for more details. The commands are located in /usr/sbin/acct.
Bill Hassell
Honored Contributor

Re: How to log telnet activity. (User used, maybe even commands.)

Make sure that the variable HISTFILE has been set and exported to $HOME/.sh_history in /etc/profile and for all your users that run the POSIX (default) shell (or ksh too), there will be a .sh_history in each user's home directory where you will see what they typed. This includes local shell builtins that don't get logged in the accounting system. The downside is that the smart user can remove this file to hide their tracks...but that is a good indication of a possible problem user.


Bill Hassell, sysadmin
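A check for the situation described in the post above, where a user removes .sh_history to hide their tracks. This is an added example, not part of the original post; the function names check_history and make_sample are hypothetical, the sample accounts are constructed, and it assumes passwd-format input with history kept at $HOME/.sh_history.

```shell
#!/bin/sh
# Added example (not from the thread): flag accounts whose .sh_history is
# missing, empty, a symlink, or not a regular file.
# Assumptions: 7-field passwd format; POSIX shell / ksh at the paths below.

# check_history PASSWD_FILE [ROOT_PREFIX]
# Prints one "user:status:path" line per flagged account.
check_history() {
    passwd_file=$1
    root=${2:-}    # optional prefix so the check can run against a copied tree
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $shell in
            /sbin/sh|/usr/bin/sh|/usr/bin/ksh|/bin/sh|/bin/ksh) ;;
            *) continue ;;    # not a shell that writes .sh_history
        esac
        hist=$root$home/.sh_history
        if [ -L "$hist" ]; then
            status=symlink        # e.g. pointed at /dev/null
        elif [ ! -e "$hist" ]; then
            status=missing
        elif [ ! -f "$hist" ]; then
            status=not-regular
        elif [ ! -s "$hist" ]; then
            status=empty
        else
            continue              # history present and non-empty
        fi
        printf '%s:%s:%s\n' "$user" "$status" "$hist"
    done < "$passwd_file"
}

# make_sample DIR: build a constructed test tree (three shell users, one not).
make_sample() {
    d=$1
    mkdir -p "$d/home/user1" "$d/home/user2" "$d/home/user3"
    printf 'ls -l\n' > "$d/home/user1/.sh_history"    # normal history
    : > "$d/home/user2/.sh_history"                   # truncated to zero bytes
    # user3: history file removed
    cat > "$d/passwd" <<'EOF'
user1:*:101:20::/home/user1:/usr/bin/sh
user2:*:102:20::/home/user2:/usr/bin/ksh
user3:*:103:20::/home/user3:/usr/bin/sh
ftp:*:500:1::/home/ftp:/usr/bin/false
EOF
}
```

On a live system the call would be `check_history /etc/passwd`, run as root. An account that has never logged in is also reported as missing, so compare flagged users against `last -R username` before drawing conclusions.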
Suhas_2
Regular Advisor

Re: How to log telnet activity. (User used, maybe even commands.)

Hi Dan,
1> You can use either the "last" or "lastb" command to find the login attempts.
2> In the /etc/inetd.conf file you can put an entry for telnetd with the logging option. On my Solaris box a typical entry looks like
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd -l
A similar one for HP-UX should work.
3> For the users' command history you need to have the HISTORY variable in their environment, so that the .sh_history file in their home directory would give you the command history.
4> You may wish to configure the command "script" in the .profile of every user to log all the activity of the user in files with a date-time stamp as their name. But this will consume a lot of disk space.
5> Symark's PowerBroker could be a good choice if you really wish to log all the activities of the user at a secure and centralized location.

Hope this helps.

Regards,
Suhas.
Never say "Die"