who is doing remshd?

 
someone_4
Honored Contributor


Hey everyone, I have attached a portion of my wtmp log. And as you see, someone is doing a remsh every second, 24 hours a day. I have asked around and no one is doing that many. Is there any way that I can find out an IP of where the remsh is coming from? Or does anyone have any suggestions to find out who and what is doing this?

Thanks

Richard
James R. Ferguson
Acclaimed Contributor
Solution

Re: who is doing remshd?

Hi Richard:

Probably the easiest way to find out "who" is doing this is to enable connection logging:

# /usr/sbin/inetd -l

This is a toggle to turn logging on as well as off. The logging is done in /var/adm/syslog/syslog.log by default.

Regards!

...JRF...
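
Once connection logging is on, the entries can be tallied per source. The script below is an added example, not part of the original reply. It assumes the inetd entries in syslog.log have the form shown in its comments and that remshd is registered in inetd.conf under the service name "shell"; the sample lines, host names and addresses are constructed.

```shell
#!/bin/sh
# Added example: count logged remsh ("shell" service) connections per source.
# Assumed line format (adjust the pattern if your syslog differs):
#   <date> <host> inetd[PID]: shell/tcp: Connection from <name> (<ip>) at <date>

# remsh_sources: reads syslog lines on stdin and prints "count ip name",
# busiest source first. Other services (telnet, ftp, ...) are ignored.
remsh_sources() {
    awk '
        / inetd\[[0-9]+\]: shell\/tcp: Connection from / {
            for (i = 1; i < NF; i++) {
                if ($i == "from") {
                    name = $(i + 1)          # resolved host name
                    ip = $(i + 2)            # "(a.b.c.d)"
                    gsub(/[()]/, "", ip)     # strip the parentheses
                    count[ip " " name]++
                    break
                }
            }
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not taken from the poster's system).
sample_log() {
    cat <<'EOF'
Jan  5 10:15:01 hpbox inetd[1021]: shell/tcp: Connection from batchsrv (192.0.2.10) at Fri Jan  5 10:15:01 2001
Jan  5 10:15:02 hpbox inetd[1021]: shell/tcp: Connection from batchsrv (192.0.2.10) at Fri Jan  5 10:15:02 2001
Jan  5 10:15:02 hpbox inetd[1021]: telnet/tcp: Connection from admin1 (192.0.2.77) at Fri Jan  5 10:15:02 2001
Jan  5 10:15:03 hpbox inetd[1021]: shell/tcp: Connection from batchsrv (192.0.2.10) at Fri Jan  5 10:15:03 2001
Jan  5 10:15:09 hpbox inetd[1021]: shell/tcp: Connection from admin1 (192.0.2.77) at Fri Jan  5 10:15:09 2001
EOF
}

# Demo on the sample; on a live system run:
#   remsh_sources < /var/adm/syslog/syslog.log
sample_log | remsh_sources
```

A single source with a count far above the rest is the host to look at first.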
A. Clay Stephenson
Acclaimed Contributor

Re: who is doing remshd?

Hi Richard,

The easiest method is to do an lsof | grep remshd | grep TCP

This will list the connected ports and the IP Address or Hostname of the offender.

It may take several tries to get it since whatever this is, it appears to be a very quick process. If you don't have lsof, you can download it from one of the HP-UX Porting Centers and it is a utility you should always have.

Clay
If it ain't broke, I can fix that.
Dan Bonham
Advisor

Re: who is doing remshd?

You could take a more brutal approach and turn remsh off in the inetd.conf file, run inetd -c to re-read the configuration file and then wait and see if anyone calls to complain.
someone_4
Honored Contributor

Re: who is doing remshd?

Hey Mr. James
That worked great.

Mr Clay ..
If you recommend lsof, that is a tool I will look into.

Rusy ..
Sorry, I can't do that .. phone would ring off the hook, but fun thought.

Richard