Operating System - Linux
1828504 Members
2709 Online
109978 Solutions
New Discussion

Re: Omniback Client In Linux

 
Suren Selva_1
Advisor

Omniback Client In Linux

Hello All,

I am new to Linux Sys Administration and I am trying to install the Omniback agent in a RedHat Linux Enterprise Server V3.0 server. When I type in the root password for Omniback to login, I am being denied access.

Any idea on what I need to do to install the Linux client remotely?

Thanks,
S. Selva
Live and let live!
6 REPLIES 6
Jason W. Neiss
Valued Contributor

Re: Omniback Client In Linux

Make sure you've got the rsh server running on the Linux server. Omniback needs rsh access in order to install the client remotely. Once you've got the OBII client installed, you can then disable the rsh server if your site requires that.

Another option is to install the OBII client locally on the server, then import it from the OBII console.

Jason
Suren Selva_1
Advisor

Re: Omniback Client In Linux

I am looking at installing remotely. Therefore I enabled rsh in the Linux server.

I am still getting an invalid user/password error message. Is the firewall an issue? If so how can I disable it in Enterprise Version 3.0?

-S. Selva
Live and let live!
Jason W. Neiss
Valued Contributor

Re: Omniback Client In Linux

First, make sure you can rsh to the system directly (via telnet or some such). Next, make sure *root* can do so. Most Linux distros (and Red Hat, definitely) disable direct rsh access to the root account. You may need to temporarily enable it in order to remotely install the OBII client.

I don't know off the top of my head how to enable/disable root's rsh access, but I'm sure a quick search of Red Hat's site would find it.

Jason
Jason W. Neiss
Valued Contributor

Re: Omniback Client In Linux

Found it:

From http://www.redhat.com/docs/manuals/linux/RHL-7.1-Manual/ref-guide/s1-pam-rexec.html:

"...Finally, restart xinetd with /sbin/service xinetd restart to activate the ntsysv changes. At this point, all users except root will be able to use rexec, rsh, and rlogin.

To allow root to use these tools, add the names of the tools you wish to allow to the /etc/securetty. If you wanted to enable root login using rexec, rsh, and rlogin, add the following lines to /etc/securetty:

rexec
rsh
rlogin

To allow root to log in using these tools via telnet (an even worse idea but necessary in some environments), add a few more lines:

pts/0
pts/1"

While this is specific to RH7.1, I'm sure Enterprise 3.0 is similar enough for this to apply.

Jason
dirk dierickx
Honored Contributor

Re: Omniback Client In Linux

also take care of any firewall (iptables/ipchains) on the linux client that might be running blocking connections.

ofcourse, after the agent is installed don't forget to reverse/undo all you changes you made.

Re: Omniback Client In Linux

Three things need to be done:

1) rexecd needs to be enabled/started
2) rexec needs to be allowed in /etc/securetty
3) rexec needs to be allowed in your iptables and/or tcp_wrappers configurations
4) Undo most of the above.

1) Edit /etc/xinetd.d/rexec, change "disable = yes" to "disable = no". Start/restart xinetd, (service xinetd restart)

2) The simplest (and most insecure) way is to move this file out of the way for the 30 seconds it takes to deploy the agents. "mv /etc/securetty /etc/securetty.bak".
--or--
You sould also be able to add "rexec" or "rexecd" (I can't remember which) to /etc/securetty. Either method should work. I know the first works fine on RHEL 3.

3) For iptables, you're on your own. Check /etc/services for the exec/rexec port of interest. For tcp_wrappers support, make sure you have a
"in.rexecd: my-omniback-server.fqdn"
line in your /etc/hosts.allow file. If you've not configured tcp_wrappers, don't worry about this.

4.1) Undo your changes in /etc/xinetd.d/rexec
4.2) Move /etc/securetty back into place or undo your changes to the file
4.3) Undo your iptables and tcp_wrappers changes, but make sure you leave an entry in both for the newly installed "omni" service.

Best of luck.