HPE Community
Operating System - Linux
1830367 Members
2272 Online
110001 Solutions
New Discussion

Remote Insight Board for Linux System (Failed Logins)

 
SOLVED
Go to solution
Lisa_64
Occasional Contributor

‎10-26-2004 04:10 AM

‎10-26-2004 04:10 AM

Remote Insight Board for Linux System (Failed Logins)

A message I keep seeing in my daily root mail is The Remote Insight firmware has detected unauthorized login attempts. It is flooding it, preventing other important messages I need to see. I assume someone or many keep trying to log into the RIB. Is there something I can do to prevent these messages from being routed to my root mail? Where do I go? I'm currently running RedHat AS 2.1.
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎10-26-2004 04:31 AM

‎10-26-2004 04:31 AM

Re: Remote Insight Board for Linux System (Failed Logins)

check the output of this command:

lastb
lastb -R

Identify and eliminate the source of bad logins.

Its possible to integate this output into the iptables firewall and block these attempts if they are coming from the public internet.

Check the last or last -R command as well.

If any of these folks gained access, pull the machine off the network NOW!

Check the /etc/passwd file for login id's you don't recognize.

If there is a userid 0 (zero) login you didn't put there then your system is totally compromised and needs to be off the network until secured.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
xyko_1
Esteemed Contributor

‎10-26-2004 05:35 AM

‎10-26-2004 05:35 AM

Re: Remote Insight Board for Linux System (Failed Logins)

Hi Lisa,

It's important that you do what SEP is telling you because you may be under attack.

You may also try to identify the deamon that is sending the message and configure it to send the same message to another mailbox. HP has a management software called Insight Manager, and I am not a user of that software so I can't help you too much, and I suggest that you begin your work for that software. Verify if there are some hpxxx or cpqxxx daemons running on you system and look for documentations about all of them. Maybe you find the source of the messages.

That's it, not too much but ....

Regards,
Xyko
0 Kudos
Reply
HGN
Honored Contributor

‎10-27-2004 03:08 AM

‎10-27-2004 03:08 AM

Re: Remote Insight Board for Linux System (Failed Logins)

Hi

Like what others have mentioned here is the best and few other things are looks like someone is trying to come into the server which needs to be looked at first Compaq Insight Manager tools are for ahrdware monitoring of the server for any hardware issues like hard drive,memory etc etc.

I'm not sure if there is an option on RIB card where you can disable the email being sent to root.

Rgds

HGN
0 Kudos
Reply
Gelo
New Member

‎10-27-2004 06:37 AM

‎10-27-2004 06:37 AM

Re: Remote Insight Board for Linux System (Failed Logins)

Could it be that the drivers for hprsm needs to be upgraded?
0 Kudos
Reply
Mike Jagdis
Advisor

‎12-05-2004 09:22 AM

‎12-05-2004 09:22 AM

Solution

Re: Remote Insight Board for Linux System (Failed Logins)

You're not alone...

It isn't anyone trying to log in. It seems that sometimes the iLO and/or the monitoring daemons gets confused and starts spewing these non-existent events. It seems to be related to interactions between current (last couple of releases) of iLO firmware and/or hpasm daemons. i.e. it didn't use to happen but after recent upgrades it does. Trigger unknown at this time :-(.

If you're monitoring syslog (as all good admins should be!) then you can stop it (for a while) with hpasm restart or by resetting the iLO.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.