HPE Community
Operating System - HP-UX
1834435 Members
2289 Online
110067 Solutions
New Discussion

Re: syslog error ..

 
SOLVED
Go to solution
someone_4
Honored Contributor

‎08-14-2001 08:05 AM

‎08-14-2001 08:05 AM

syslog error ..

Hello
I get this error in my syslog.
Aug 13 23:49:18 lvapp01 ftpd[10881]: PAM_TEXT_INFO: Last successful login for root: Mon Aug 13 23:47:07 CST6CDT 2001 on tty .
Aug 13 23:49:18 lvapp01 ftpd[10881]: PAM_TEXT_INFO: Last unsuccessful login for root: Mon Aug 13 16:13:07 CST6CDT 2001 on pts/ta .
Aug 13 23:49:18 lvapp01 ftpd[10881]: FTP LOGIN FROM lvapp14.prod.networkip.net [192.168.10.151], root
Aug 13 23:49:19 lvapp01 ftpd[10881]: FTP session closed

Can someone tell me what this means or if i should fixx it?
0 Kudos
Reply
9 REPLIES 9
A. Clay Stephenson
Acclaimed Contributor

‎08-14-2001 08:11 AM

‎08-14-2001 08:11 AM

Re: syslog error ..

Hi Richard,

I suspect that you have enabled inetd logging. It will log when every process is spawned by inetd. Every telnet, every ftp, .... . Because of this, I only enable inetd logging for short periods when I am looking for specific problems. Separating the wheat from the chaff becomes difficult in short order. The PAM messages (Pluggable Authentication Module) indicate login attempts.

Clay
If it ain't broke, I can fix that.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎08-14-2001 08:17 AM

‎08-14-2001 08:17 AM

Re: syslog error ..

Hi Richard:

I presume that it's PAM who is bothering you ;-)

PAM stands for "Pluggable Authentication Modules" and is a framework for integrated login. Take a look at the man pages for it ('man 3 pam') for a start and also at chapter-8 "Administering a System: Managing System Security" in "Managing Systems and Workgroups: A Guide for HP-UX System Administrators":

http://docs.hp.com/hpux/onlinedocs/B2355-90701/B2355-90701.html

Regards!

...JRF...
0 Kudos
Reply
linuxfan
Honored Contributor

‎08-14-2001 08:30 AM

‎08-14-2001 08:30 AM

Re: syslog error ..

Hi Richard,

Check you /etc/rc.config.d/netdaemons file and look for variable INETD_ARGS, if it is set to
export INETD_ARGS="-l"
then you would see this logging in the syslog.
To disable this, just set this variable to blank and bounce your inetd (/sbin/init.d/inetd stop; /sbin/init.d/inetd start).

It doesn't look like you have ftp logging enabled but look for the ftp entry in the /etc/inetd.conf.

-HTH
I am RU
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎08-14-2001 08:32 AM

‎08-14-2001 08:32 AM

Re: syslog error ..

Hi Richard

You have indeed enabled inetd logging , in case the server is critcal interms of restricting ftp/telnet logging then u need to have this on as you can monitor .

Manoj Srivastava
0 Kudos
Reply
someone_4
Honored Contributor

‎08-14-2001 09:38 AM

‎08-14-2001 09:38 AM

Re: syslog error ..

I disabled inetd as you see in syslog.
But I am still getting this.

Aug 14 11:44:36 lvapp01 inetd[542]: Connection logging disabled
Aug 14 11:58:41 lvapp01 ftpd[24982]: PAM_TEXT_INFO: Last successful login for
root: Tue Aug 14 11:42:26 CST6CDT 2001 on pts/ta .
Aug 14 11:58:41 lvapp01 ftpd[24982]: PAM_TEXT_INFO: Last unsuccessful login for
root: Mon Aug 13 16:13:07 CST6CDT 2001 on pts/ta .
Aug 14 11:58:41 lvapp01 ftpd[24982]: FTP LOGIN FROM lvapp14.prod.networkip.net [
192.168.10.151], root
0 Kudos
Reply
linuxfan
Honored Contributor

‎08-14-2001 11:41 AM

‎08-14-2001 11:41 AM

Re: syslog error ..

Hi Richard,

Are you seeing this logging only for the ftpd?
Check if the logging option is enabled for ftpd in the /etc/inetd.conf file.

-Regards
I am RU
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
someone_4
Honored Contributor

‎08-15-2001 07:14 PM

‎08-15-2001 07:14 PM

Re: syslog error ..

Does this mean ftpd loggin is on ?
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
0 Kudos
Reply
linuxfan
Honored Contributor

‎08-15-2001 07:30 PM

‎08-15-2001 07:30 PM

Solution

Re: syslog error ..

Hi Richard,

The -l option means the loggin is on

From the man page of ftpd
-l Causes each FTP session to be logged in the syslog file.

-l logs each ftp session, where as -L logs each command sent to the ftpd server

-HTH
I am RU
They think they know but don't. At least I know I don't know - Socrates
Reply
Sridhar Bhaskarla
Honored Contributor

‎08-15-2001 09:37 PM

‎08-15-2001 09:37 PM

Re: syslog error ..

Richard,

Did you check your /etc/pam.conf file and see if you have debug option on for ftp?. If so, you need to take it out to get rid of these message

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.