
remsh command logging

Youlette Etienne_2
Regular Advisor

remsh command logging

Hello everyone,

Is there a way to log what commands were executed using remsh on the remote host? They do not appear in the syslog.log or the .sh_history (of the remote user) files on the remote host. There is no option in the man pages.

Thanks

Youlette
If at first you don't succeed, change the rules!
someone_4
Honored Contributor

Re: remsh command logging

I might be wrong but I don't think there is a log that stores the commands. If you are running a script then you know the commands that are being run. But if someone is doing just remsh -l it does not anywhere. It does log in the client in the wtmp file though. Let's see what others say.

Richard
harry d brown jr
Honored Contributor
Solution

Re: remsh command logging

You would need to log "inetd", by starting it with the "-l" option. And it will log like a madman!

Your best bet is to make sure you have a secure server by trying some of the topics brought up in this document:

http://people.hp.se/stevesk/bastion.html

live free or die
harry
Live Free or Die
S.K. Chan
Honored Contributor

Re: remsh command logging

I don't think you can log any commands executed by a remsh. Remsh gives minimal env where only PATH, LOGNAME, SHELL, HOME, PWD, and TZ variables are set. The user environment actually becomes that of the running inetd.
Roger Baptiste
Honored Contributor

Re: remsh command logging

hi,

You can run inetd with the logging turned on
#inetd -k ; inetd -l

But, this will log only the connection details or remsh/rlogin and not the commands being run through them. For eg:
Moonlight inetd[26034]: shell/tcp: Connection from Venus on ....
-> tells a user from venus system had run a remsh command into moonlight system.

Regarding what command was run, you can only note it from the remote system user's history file; (unless the user had not deleted it).

Please note that Remote services are Trusted services i.e. it is an equivalent user existing on another system! So, it is a sort of open invitation. You cannot give remote rights and at the same time expect to have a tight leash on the activities.

If you are not comfortable with this, go for secure shell services. But, even here I am not sure whether you will get a logging facility. Need to check it up.


HTH
raj
Take it easy.
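
Added example (not part of any post in this thread): a small filter for the connection lines that "inetd -l" writes, counting remsh (shell), rlogin (login) and rexec (exec) connections per source host and listing hosts outside an expected set. The sample lines are constructed; only the "inetd[PID]: shell/tcp: Connection from HOST on ..." portion follows the line quoted above, while the timestamp prefix, the extra host names and the allow-list arguments are assumptions.

```shell
#!/bin/sh
# Constructed sample lines (not real log data). The timestamp prefix is an
# assumption; the text after "on" is elided exactly as in the thread.
sample_log() {
cat <<'EOF'
Dec  3 10:15:22 moonlight inetd[26034]: shell/tcp: Connection from Venus on ...
Dec  3 10:15:40 moonlight inetd[26051]: login/tcp: Connection from venus on ...
Dec  3 10:16:02 moonlight inetd[26077]: ftp/tcp: Connection from mars on ...
Dec  3 10:17:11 moonlight inetd[26102]: shell/tcp: Connection from pluto on ...
Dec  3 10:18:45 moonlight inetd[26130]: shell/tcp: Connection from venus on ...
Dec  3 10:19:00 moonlight other[411]: shell/tcp: Connection from fake on ...
EOF
}

# rsvc_summary: read syslog lines on stdin and print "COUNT SERVICE HOST"
# for shell (remsh), login (rlogin) and exec (rexec) connections only.
rsvc_summary() {
    awk '
    {
        # Find the inetd tag; the next fields are SERVICE/tcp: Connection from HOST
        for (i = 1; i <= NF; i++) if ($i ~ /^inetd\[[0-9]+\]:$/) break
        if (i > NF) next                      # line was not written by inetd
        if ($(i+2) != "Connection" || $(i+3) != "from") next
        svc = $(i+1)
        if (svc !~ /^(shell|login|exec)\/tcp:$/) next
        sub(/\/tcp:$/, "", svc)
        host = tolower($(i+4))                # host names compare case-insensitively
        if (host == "") next
        seen[svc " " host]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,3
}

# rsvc_untrusted HOST...: same input, but print only entries whose source
# host is NOT among the arguments (a hypothetical list of expected clients).
rsvc_untrusted() {
    allowed=" $* "
    rsvc_summary | while read -r n svc host; do
        case "$allowed" in
            *" $host "*) ;;
            *) echo "$n $svc $host" ;;
        esac
    done
}

sample_log | rsvc_summary
```

As Roger notes, these lines show only that a connection was made, not which command was run.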
Michael Tully
Honored Contributor

Re: remsh command logging

Hi,

I would seriously consider turning it off if it is causing problems.

Edit /etc/inetd.conf
#shell stream tcp nowait root /usr/lbin/remshd remshd

# inetd -c (re-read the config)

I would try to avoid turning on the inetd logging, as you will need to hire someone to read them.

-Michael
Anyone for a Mutiny ?
Ian Dennison_1
Honored Contributor

Re: remsh command logging

The 'script' command will track all actions on the initiating server when performing an 'rlogin' to another server. Worth using this, or putting a script command in the .login or .profile of the remshell user?

Share and enjoy! Ian
Building a dumber user
Steven Gillard_2
Honored Contributor

Re: remsh command logging

Try downloading inetutils from GNU. There's a remshd server included which I believe uses syslog to log commands.

Regards,
Steve
Youlette Etienne_2
Regular Advisor

Re: remsh command logging

Hello everyone,

I apologize for taking such a long time to assign points but I have been encountering problems accessing the forums from work and haven't even been able to search the forums or post any additional questions or assign points since November. I'm actually posting this from home. It is extremely frustrating when I need to get information.


The problem is that I keep getting debugging error messages when accessing the forums. I believe it is error number 104, though I cannot remember at this moment. Sometimes the entire page does not load, sometimes I get the "page cannot be displayed" error message, and now with the new network installation of eprizm, I get, "URL returned zero length page". I have deleted temporary internet files but this doesn't work. I use internet explorer 5.5 at work, which worked fine until last November. So far I have not encountered these problems from home and per HP, no one else is encountering these problems.

Any help will be most appreciated.

Thanks.
If at first you don't succeed, change the rules!