Operating System - HP-UX
1830077 Members
1823 Online
109998 Solutions
New Discussion

How to trace rlogin users

 
SOLVED
Go to solution
ashan
Advisor

How to trace rlogin users

Hi, how do I trace rlogin users.When I grep
for syslog.log I cant get more info.

Regards

Ashan
8 REPLIES 8
Chris Wilshaw
Honored Contributor

Re: How to trace rlogin users

If you use

last -R

that will show you the name/ip address of the machine that they connected from.
suki
Frequent Advisor

Re: How to trace rlogin users

Hi ,
You can get all the info related with who are the persons logged in and what are the interfaces they used to connect by issueing
#last -R
If provided you have a valid /var/adm/wtmp file.

-suki
Steven E. Protter
Exalted Contributor

Re: How to trace rlogin users

In addition to the information provided above if you have the -l logging option in your /etc/inetd.conf file you will see a log of all rlogin entries in your /var/adm/syslog/syslog.log file.

With Secure shell being free however, there is probably not a good reason not to dump the insecure Berkely protocols and go with ssh.

There are plenty of posts in my name showing how easy it is to upgrade and get the same functionality.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
ashan
Advisor

Re: How to trace rlogin users

Hi SEP,

how to add in the /etc/inetd.conf

give a example please.

Regards

Ashan

V.Tamilvanan
Honored Contributor

Re: How to trace rlogin users

Hi,
You can use the logging facility of inetd itself. To enable you need to execute
#/usr/sbin/inetd -l

This command can be executed online.

Whenever a connetion established to your server using inetd services it will be logged in /var/adm/syslog/syslog.log file.

HTH
V. V. Ravi Kumar_1
Respected Contributor
Solution

Re: How to trace rlogin users

Hi,

Add -l to this line in ur /etc/inetd.conf file.

login stream tcp nowait root /usr/lbin/rlogind rlogind -l

Reread inetd
#inetd -c

This will log to /var/adm/syslog/syslog.log

Regards
Never Say No
Robert-Jan Goossens
Honored Contributor

Re: How to trace rlogin users

Hi Ashan,

Next step could be running accounting.
change START_ACCT to 1 in /etc/rc.config.d/acct
start accounting by running /sbin/init.d/acct start
All users commands are now logged in /var/adm/pacct. You can list commands with the command # lastcomm. By sure that you have enough space in /var.

Hope it helps,

Robert-Jan.


V. V. Ravi Kumar_1
Respected Contributor

Re: How to trace rlogin users

hi,
in my earlier post i think i was wrong, -l to rlogind line in /etc/inetd.conf only limits the normal users expect root to use .rhosts for authentication.

inetd -l will do your work.

sorry for the same.
Regards
Never Say No