HPE Community
Operating System - HP-UX
1832953 Members
2661 Online
110048 Solutions
New Discussion

r-services, rcp and logging

 
SOLVED
Go to solution
Luis Toro
Regular Advisor

‎02-13-2003 06:44 AM

‎02-13-2003 06:44 AM

r-services, rcp and logging

I have 2 questions:
Is there a way to log rcp, or any "r" activity ? We have a
mixed blend of HPUX servers,
10.20 & 11, trusted and non-trusted (though we will be trusting most by EOY). Also,
it seems that the only true need we have is the use of rcp. Given that, what services can I turn off, yet still be able to rcp ? And, are there any other r-commands outside of rlogin, remsh and rexec that I should be concerned about ? My intent is to restrict the permissions on such commands.

Thank you.
0 Kudos
Reply
8 REPLIES 8
Jose Mosquera
Honored Contributor

‎02-13-2003 06:59 AM

‎02-13-2003 06:59 AM

Solution

Re: r-services, rcp and logging

Hi,

The /var/adm/inetd.sec i an useful way to allow|deny totally or partially sevareal services including remote shell and remote copy (rcp), both of them are controlled by "shell" statement into te file. Some definitions will be:

shell deny * (all incomming remsh/rcp will be refused)
shell allow 189.5.1.3 (just 189.5.1.3 incomming remsh/rcp are allowed)

Pls obtain more info via "man inetd.sec"

Rgds.
Reply
Luis Toro
Regular Advisor

‎02-13-2003 07:55 AM

‎02-13-2003 07:55 AM

Re: r-services, rcp and logging

Thanks Jose.

Any logging capabilities ?
(like ftp, which can log to the syslog)
0 Kudos
Reply
Chris Vail
Honored Contributor

‎02-13-2003 08:13 AM

‎02-13-2003 08:13 AM

Re: r-services, rcp and logging

Yes, there is a way to do this, you just can't use rcp or remsh. Use secure shell. This can be set up so that ALL activity is logged. Its a little more confusing to set up, but worth the effort. Also, it appears to be slower, as each operation involves an initial public/private key swap operation. But once the initial key swap is done, it is equally as fast. Its also encrypted.

You need only install the secure shell utilities, and implement it using a document that I wrote. Somehow, I manage to post that document once a day or so here on itrc. You can search for it, or just ask and I'll re-post it.

Good Luck
Chris
Reply
Jose Mosquera
Honored Contributor

‎02-13-2003 08:54 AM

‎02-13-2003 08:54 AM

Re: r-services, rcp and logging

Hi,

I have read about it in "man remshd" and I have not found any information in this respect. However the service ftp explain this in "man ftpd".

Maybe some local "Guru" have the correct answer.

In any case your points will be grateful!

Best Rgds.
0 Kudos
Reply
Stanimir
Trusted Contributor

‎02-13-2003 09:01 AM

‎02-13-2003 09:01 AM

Re: r-services, rcp and logging

Hi!
In addition to above:
1. The easiest way to apply security politics
on Internet-services is
SAM > Network $ Comm. > System Access

2.Security files for various daemons are:
telnetd: /etc/passwd
ftpd: /etc/ftpusers
/etc/passwd
remshd and rlogind: /etc/hosts.equiv
$HOME/.rhosts

and for inetd: /var/adm/inetd.sec
/etc/services
/etc/inetd.conf

Regards.

0 Kudos
Reply
Luis Toro
Regular Advisor

‎02-13-2003 11:45 AM

‎02-13-2003 11:45 AM

Re: r-services, rcp and logging

One last question on secure shell: is it supported on 10.20 ? I had initially intended on implementing it but I was told that since some of our rcp's are from 11.0 to 10.20 servers, I could not use it.

Thanks
0 Kudos
Reply
Chris Vail
Honored Contributor

‎02-13-2003 12:24 PM

‎02-13-2003 12:24 PM

Re: r-services, rcp and logging

I couldn't find that HP supports secure shell on 10.20. However, the nice people at http://www.ssh.com/support/downloads/secureshellserver/evaluation.mpl
have an evaluation copy ready for your download. As always: Google is your friend.


Chris
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎02-14-2003 06:03 PM

‎02-14-2003 06:03 PM

Re: r-services, rcp and logging

Hi,

Use OpenSSH on HP-UX 10.20. This is what you need:

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/openssh-3.5p1/

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.