SUMMARY: rexec logging

From: <egold_at_fsa.com>
Date: Wed Mar 02 2005 - 12:53:52 EST
Thanks for the help gurus.
Most people said to stop using rexec, which i realize and need to do.
This requires me to train the users on how to use ssh, i will do that in
the future.
For now, most people said more rexec logging cannot be done, but Cyril
suggested this solution, I have not tested it yet.

E


Solution:

For successfull logins :
In /etc/hosts.allow

in.rexecd: your IPs separed by a space \
        : banners /usr/local/etc/banners
        : spawn (/usr/sbin/safe_finger -l @%h 2>&1 |\
        /usr/bin/logger -i -p local0.notice -t tcpwrapper %u on %c made a
successfull "%d" on "%H" ) &

To deny all other :
in /etc/hosts.deny

in.rexecd: ALL \
        : banners /usr/local/etc/banners
        : spawn (/usr/sbin/safe_finger -l @%h 2>&1 |\
        /usr/bin/logger -i -p local0.notice -t tcpwrapper %u on %c
attempted an "%d" on "%H" ) &


Banners is of course optionnal, and must be some text files with the same
name that the deamon accessed (here in.rexec by exemple)  which contain you
message.

For further information, man -s 5 hosts_access

ORIGINAL QUESTION:
      Hi Gurus,
      I have a solaris 8 server, some users use rexec from their windows pc
      to
      start an Xwindows application.
      I have enabled tcp wrappers in /etc/inet/inetd.conf and now get this
      logging info from syslog when they connect:


      Mar  1 12:03:57 mysunserver in.rexecd[5193]: [ID 927837 mail.info]
      connect
      from 192.168.2.100


      I need to also log their username and log failed logins from rexec,
      but
      this is all I am getting in my syslog.
      Is there a way I can log usernames and failed logins from rexec?
      thank you!


      here is my syslog.conf:

      *.info                                          /var/adm/messages
      *.info                                          /dev/sysmsg


      here is my rexec entry in /etc/inet/inetd.conf:

      exec  stream  tcp     nowait  root    /usr/local/bin/tcpd
      in.rexecd
      exec  stream  tcp6    nowait  root    /usr/local/bin/tcpd
      in.rexecd



      ____________________________________
      This e-mail message is for the sole use of the intended recipient(s)
      and
      may contain proprietary, confidential and/or privileged information.
      Any
      unauthorized review, use, disclosure or distribution is prohibited.
      If you
      are not the intended recipient (or an employee or agent responsible
      to
      deliver it to the intended recipient), you may not copy or deliver
      this
      message to anyone. In such case, you should destroy this message and
      kindly
      notify the sender by reply e-mail.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Wed Mar 2 12:54:29 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:44 EST