HPE Community
Operating System - HP-UX
1821118 Members
3083 Online
109631 Solutions
New Discussion юеВ

Re: Utility like PCAnywhere

 
sdip
Advisor

тАО10-11-2004 02:48 PM

тАО10-11-2004 02:48 PM

Utility like PCAnywhere

Dear gurus -

Do you know any utility available in HP-UX which can used like PC ANywhere software. Actually I beleive somebody is hacking our system. I would like to know how they did the same.

0 Kudos
Reply
4 REPLIES 4
Sridhar Bhaskarla
Honored Contributor

тАО10-11-2004 03:03 PM

тАО10-11-2004 03:03 PM

Re: Utility like PCAnywhere

Hi Sdip,

There is SharedX but acts a bit like PC Anywhere but one has to allow them to use ShareX and you will see the such windows as "Shared".

Check for last successful logins, IP addresses where the logins are from etc. using 'last' command. You can also check the history of root and the users that you think are compromised.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-11-2004 03:07 PM

тАО10-11-2004 03:07 PM

Re: Utility like PCAnywhere

A utility like pcanywhere won't tell you a thing. If you have xfs set to enable in /etc/rc.config.d/xfs file you can use X emulation software to have an X desktop.

In there you could do the following:

tail -f /var/adm/syslog/syslog.log and track logins.

To look for evidence of hacking you can carefully monitor the wtmp and btmp files or copy them off regulalry with a date stamp if the hacker is cleaning up after him/herself.

Go through /etc/passwd and see if the hacker has set up an account for him/herself. Check for copies of ksh or sh that have suid set therefore letting the user become root.

A really good product to get is commerical tripwire. If the hacker is messing with log files or configuration files to cover his/her tracks tripwire will spot it and let you know what ws done and how.

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

Will harden your system against hackers.

It requires:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL

HIDS will help spot hackers as well:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

тАО10-11-2004 05:06 PM

тАО10-11-2004 05:06 PM

Re: Utility like PCAnywhere

hi,

there is also the VNC software that can be used (only if the server processes are running).

You may wish to install an Intrusion Prevention software so that this do not recur in the future..

good luck!
regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Jim Allan
Advisor

тАО10-12-2004 08:44 PM

тАО10-12-2004 08:44 PM

Re: Utility like PCAnywhere

if a hacker has breached your system, i doubt they will be using a graphical client to do so..

as someone said previously, monitor syslog for logins, and use the command 'last' to see what users have been logging in and for how long (wtmp)

check for any major logs that have been 0-byted (/var/adm/syslog/syslog.log)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.