Re: telnetd connection logging

Albert E. Whale, CISSP · ‎08-23-2005

This is HP-UX 11.23.

Have configured /etc/inetd.conf for telnetd with

telnetd -adebug -TCP_DELAY

Previous attempts with telnet -a dbuge have issued an error about not starting with a - before the keyword. After inssuing the init -c the configuration information is complete, but there is no login connection logging occurring in syslog.

Any suggestions?

Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com

Mel Burslan · ‎08-23-2005

As I do not have a 11.23 system here to play with and 11.11 version of telnetd not having a -a switch at all I am not sure what to tell on that end but one thing you can check is, if your inetd is running with logging enabled ?

ps -ef | grep inetd

is it returning something like :

root 23556 1 0 Sep 29 ? 57:30 inetd -l
(note the -l at he end)

if not, you can kill inetd and restart with -l option to see if it helps

________________________________
UNIX because I majored in cryptology...

RAC_1 · ‎08-23-2005

inetd -l
does it log "loggin inetd enabled/disabled" in syslog?? Depending upon that you may need to do inetd -l again or not.

There is no substitute to HARDWORK

Albert E. Whale, CISSP · ‎08-23-2005

We have enabled inetd -l and have verified this in syslog (no it does not show up in the process list as inetd -l).

I am receiveing login failures from SSH, but not telnetd.

any New suggestions?

Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com

Mel Burslan · ‎08-23-2005

if it does not show up in the process list as inetd -l then you have to kill and restart the inetd as such:

/usr/sbin/inetd -k
/usr/sbin/inetd -l

ssh is another story as it runs in daemon mode and not gets initiated by inetd so, sshd logging failed logins and telnetd not are two separate things, like apples and oranges.

________________________________
UNIX because I majored in cryptology...

Albert E. Whale, CISSP · ‎08-23-2005

Mel,

Don't get hung up on inetd not having the inetd -l in the process listing, as I am seeing the message connection logging enabled and/or disable with the inted -l command (it's a toggle switch enable/disbale).

I need to get telnetd to record authentication attemtps, successes and failures.

Does telnetd use PAM like ssh does?

Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com

RAC_1 · ‎08-24-2005

How does your /etc/syslog.conf look like??
How does /etc/pam.conf look like?? Compare it with a system that is working fine.

Also if you put auth.info /var/adm/syslog/syslog.log
(or other file), Do you see authentication messages in that file??

Are you up to date on telnet patches??

The man page also says that -a options requires your system to have kerbose V5. (version 5) check if you have it or not.

There is no substitute to HARDWORK

Muthukumar_5 · ‎08-24-2005

-adebug will be supported when login with kerberos support.

can you post /etc/pam.conf. Did you configure pam.conf as like,

http://docs.hp.com/en/J5849-90003/apa.html

hth.

Easy to suggest when don't know about the problem!

Albert E. Whale, CISSP · ‎08-24-2005

OK you got my attention.

All I want is to have telnet perform connection logging.

SSH is logging fine.

I do not want Kerberos, but thought that this would resolve the logging issue.

In essence, logging is all I want. It should come stock with telnet. But it is not logging which is why I have posted here.

Again this is 11.23 and inetd -l is enabled.

Best regards

Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com

Steven E. Protter · ‎08-24-2005

I think telnetd does use pam like ssh does. My problem with it is the password goes back and forth in clear text, thouth there are ways to deal with that.

I think a look at syslog.conf is in order because on every box I ever administered if telnet was allowed it got logged in syslog.log after inetd started up. My default setting was always to do enhanced logging.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Albert E. Whale, CISSP · ‎08-25-2005

Stephen,

You are preaching to the choir.

Would if I could convert a 1000 pound bahemouth to use SSH in their daily operations. Howerver, since I there are using telnet currently, it will take time to implement the transfer in daily operations.

Syslog looks like this:
mail.debug /var/adm/syslog/mail.log
*.info;auth,mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
auth.info /var/adm/syslog/auth.log

Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: telnetd connection logging

telnetd connection logging