HPE Community
Operating System - HP-UX
1834935 Members
2505 Online
110071 Solutions
New Discussion

telnetd connection logging

 
Albert E. Whale, CISSP
Honored Contributor

‎08-23-2005 06:17 AM

‎08-23-2005 06:17 AM

telnetd connection logging

This is HP-UX 11.23.

Have configured /etc/inetd.conf for telnetd with

telnetd -adebug -TCP_DELAY

Previous attempts with telnet -a dbuge have issued an error about not starting with a - before the keyword. After inssuing the init -c the configuration information is complete, but there is no login connection logging occurring in syslog.

Any suggestions?
Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com
0 Kudos
Reply
10 REPLIES 10
Mel Burslan
Honored Contributor

‎08-23-2005 06:32 AM

‎08-23-2005 06:32 AM

Re: telnetd connection logging

As I do not have a 11.23 system here to play with and 11.11 version of telnetd not having a -a switch at all I am not sure what to tell on that end but one thing you can check is, if your inetd is running with logging enabled ?

ps -ef | grep inetd

is it returning something like :

root 23556 1 0 Sep 29 ? 57:30 inetd -l
(note the -l at he end)

if not, you can kill inetd and restart with -l option to see if it helps

________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
RAC_1
Honored Contributor

‎08-23-2005 06:35 AM

‎08-23-2005 06:35 AM

Re: telnetd connection logging

inetd -l
does it log "loggin inetd enabled/disabled" in syslog?? Depending upon that you may need to do inetd -l again or not.
There is no substitute to HARDWORK
0 Kudos
Reply
Albert E. Whale, CISSP
Honored Contributor

‎08-23-2005 07:07 AM

‎08-23-2005 07:07 AM

Re: telnetd connection logging

We have enabled inetd -l and have verified this in syslog (no it does not show up in the process list as inetd -l).

I am receiveing login failures from SSH, but not telnetd.

any New suggestions?
Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎08-23-2005 07:17 AM

‎08-23-2005 07:17 AM

Re: telnetd connection logging

if it does not show up in the process list as inetd -l then you have to kill and restart the inetd as such:

/usr/sbin/inetd -k
/usr/sbin/inetd -l

ssh is another story as it runs in daemon mode and not gets initiated by inetd so, sshd logging failed logins and telnetd not are two separate things, like apples and oranges.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Albert E. Whale, CISSP
Honored Contributor

‎08-23-2005 07:28 AM

‎08-23-2005 07:28 AM

Re: telnetd connection logging

Mel,

Don't get hung up on inetd not having the inetd -l in the process listing, as I am seeing the message connection logging enabled and/or disable with the inted -l command (it's a toggle switch enable/disbale).

I need to get telnetd to record authentication attemtps, successes and failures.

Does telnetd use PAM like ssh does?
Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com
0 Kudos
Reply
RAC_1
Honored Contributor

‎08-24-2005 10:05 AM

‎08-24-2005 10:05 AM

Re: telnetd connection logging

How does your /etc/syslog.conf look like??
How does /etc/pam.conf look like?? Compare it with a system that is working fine.


Also if you put auth.info /var/adm/syslog/syslog.log
(or other file), Do you see authentication messages in that file??

Are you up to date on telnet patches??

The man page also says that -a options requires your system to have kerbose V5. (version 5) check if you have it or not.
There is no substitute to HARDWORK
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎08-24-2005 07:15 PM

‎08-24-2005 07:15 PM

Re: telnetd connection logging

-adebug will be supported when login with kerberos support.

can you post /etc/pam.conf. Did you configure pam.conf as like,

http://docs.hp.com/en/J5849-90003/apa.html

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Albert E. Whale, CISSP
Honored Contributor

‎08-24-2005 10:38 PM

‎08-24-2005 10:38 PM

Re: telnetd connection logging

OK you got my attention.

All I want is to have telnet perform connection logging.

SSH is logging fine.

I do not want Kerberos, but thought that this would resolve the logging issue.

In essence, logging is all I want. It should come stock with telnet. But it is not logging which is why I have posted here.

Again this is 11.23 and inetd -l is enabled.

Best regards
Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎08-24-2005 10:48 PM

‎08-24-2005 10:48 PM

Re: telnetd connection logging

I think telnetd does use pam like ssh does. My problem with it is the password goes back and forth in clear text, thouth there are ways to deal with that.

I think a look at syslog.conf is in order because on every box I ever administered if telnet was allowed it got logged in syslog.log after inetd started up. My default setting was always to do enhanced logging.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Albert E. Whale, CISSP
Honored Contributor

‎08-25-2005 01:04 AM

‎08-25-2005 01:04 AM

Re: telnetd connection logging

Stephen,

You are preaching to the choir.

Would if I could convert a 1000 pound bahemouth to use SSH in their daily operations. Howerver, since I there are using telnet currently, it will take time to implement the transfer in daily operations.

Syslog looks like this:
mail.debug /var/adm/syslog/mail.log
*.info;auth,mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
auth.info /var/adm/syslog/auth.log
Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.