HPE Community
Operating System - HP-UX
1827372 Members
4533 Online
109963 Solutions
New Discussion

syslog.log Messages

 
Marty Metras
Super Advisor

‎02-04-2003 12:02 PM

‎02-04-2003 12:02 PM

syslog.log Messages

I'm getting this message in /var/adm/syslog/syslog.log
I'm doing rsync with ssh and sftp and one of them is before and/or after these messages.
These messages repeat 3 - 4 times in a row.
This is and HP-UX 11.0 server.
The data that is being copied/synced looks to be OK.
Can you help me find what is causing this message?

Marty

Feb 2 19:29:09 hostname inetd[29063]: execv /usr/lbin/identd: No such file or directory
Feb 2 19:29:09 hostname inetd[720]: ident/tcp: Exit status 1
The only thing that always remain the same are the changes.
0 Kudos
Reply
12 REPLIES 12
Ken Hubnik_2
Honored Contributor

‎02-04-2003 12:05 PM

‎02-04-2003 12:05 PM

Re: syslog.log Messages

What path is in your /etc/inetd.conf file for the ident entry???
0 Kudos
Reply
Ken Hubnik_2
Honored Contributor

‎02-04-2003 12:16 PM

‎02-04-2003 12:16 PM

Re: syslog.log Messages

Here is the permissions file the file on an 11.11 system.

-r-xr--r-- 1 bin bin 311296 Nov 14 2000 /usr/lbin/identd
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎02-04-2003 12:17 PM

‎02-04-2003 12:17 PM

Re: syslog.log Messages

Hi,

identd is mostly used by sendmail and you may not need it. Comment it out in /etc/inetd.conf and refresh inetd (inetd -c).

If you want to keep it, then you should have an executable under /usr/lbin/identd. You can copy it from another system of the same OS.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Jordan Bean
Honored Contributor

‎02-04-2003 12:26 PM

‎02-04-2003 12:26 PM

Re: syslog.log Messages

Looks to me like the identd binary is missing or not executable... In that case, disable the ident service in inetd... You should disable this anyway since it can be exploited.

I'm not sure this is even related to the use of ssh and rsync... Have you set this up through cron? If so, are you expecting output via e-mail? If so, then I think either the local or a remote sendmail session may be performing the ident lookup.
0 Kudos
Reply
Marty Metras
Super Advisor

‎02-04-2003 12:37 PM

‎02-04-2003 12:37 PM

Re: syslog.log Messages

Ken,
Here is what in "/etc/identd.conf"
ident stream tcp wait bin /usr/lbin/identd identd
There is no file "/usr/lbin/identd"

Sri,
I do use sendmail.

I have 2 servers doing the same thing.
Neither have "/usr/lbin/identd"
Only one gets the error.
What should be in the "/usr/lbin/identd" file?
I have it one the Redhat Linux boxes. Is it safe to use that copy?

Marty
The only thing that always remain the same are the changes.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎02-04-2003 12:43 PM

‎02-04-2003 12:43 PM

Re: syslog.log Messages

Hi Marty,

Nope, identd off a RedHat system will definitely NOT work.

Here's what it looks like on my 11.0 system

-r-xr--r-- 1 bin bin 40960 Aug 20 1998 identd

We normally comment it out on all our systems as it has known exploits. And can help a hacker "discover" just what the system is & does. We run sendmail on almost all our servers & commenting it out in /etc/inetd.conf has no affect on a properly configured sendmail server.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Marty Metras
Super Advisor

‎02-04-2003 12:50 PM

‎02-04-2003 12:50 PM

Re: syslog.log Messages

Jordan,
The jobs that do the rsync and sftp ate started from cron. These jobs also send mailx messages if they have a problem. These messages are send to the other server using userID which alais sends it to userID@servername this has been working. Not meaning it is right. Looks like those error messages have been in there since at lease Christmas.
Would send mail still work it I remove it from /etc/identd.conf or is this something I could turn off in sendmail some where?
Marty
The only thing that always remain the same are the changes.
0 Kudos
Reply
Marty Metras
Super Advisor

‎02-04-2003 12:56 PM

‎02-04-2003 12:56 PM

Re: syslog.log Messages

How do you answer my questions before I ask them? :-)
From what I'm hearing I should remark out identd in /etc/identd.conf and then restart identd using `identd -c` Right?

Then if all go well then do the same on the other boxes. Linus too?

Marty
The only thing that always remain the same are the changes.
0 Kudos
Reply
Marty Metras
Super Advisor

‎02-04-2003 12:58 PM

‎02-04-2003 12:58 PM

Re: syslog.log Messages

Sorry for the typo. I ment /etc/inetd.conf
Marty
The only thing that always remain the same are the changes.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎02-04-2003 01:02 PM

‎02-04-2003 01:02 PM

Re: syslog.log Messages

Comment it out in /etc/inetd.conf & restart inetd using

inetd -c

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Marty Metras
Super Advisor

‎02-04-2003 01:07 PM

‎02-04-2003 01:07 PM

Re: syslog.log Messages

Done.

I'll let you know how it went in an hour or so.
Marty
The only thing that always remain the same are the changes.
0 Kudos
Reply
Jordan Bean
Honored Contributor

‎02-04-2003 01:17 PM

‎02-04-2003 01:17 PM

Re: syslog.log Messages

Yep, comment out the ident entry in /etc/inetd.conf and tell inetd to reload the configuration with `inetd -c`.

If you're not at all concerned about having sendmail verify remote host identities, then you can tell sendmail to not perform identd lookups by setting the timeout value to zero. So for all of your sendmail servers, set Timeout.ident=0 in /etc/mail/sendmail.cf (or /etc/sendmail.cf) and restart sendmail. On HP-UX, restart sendmail using:

/sbin/init.d/sendmail stop
/sbin/init.d/sendmail start

On linux, use:

/etc/rc.d/init.d/sendmail restart
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.