Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Logging remote telnet sessions via script
Operating Systems Solaris Logging remote telnet sessions via script Post 302508193 by achenle on Saturday 26th of March 2011 01:51:20 PM
Old 03-26-2011
If you're worried about security and trying to track root logins, the first thing you need to do is stop using telnet and start using ssh for remote access.

As far as tracking logins (and other events) on Solaris, that's what auditing does. Just google "Solaris audit".
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to Re-connect to floating telnet sessions

We use SCO OSR5 with TermLIte to create telnet sessions. If you accidently click X on the TermLite screen and exit the session you leave process running. I've heard of a program that will allow you to re-connect to these 'floating' sessions and then be able to carry on your session. Does anyone... (2 Replies)
Discussion started by: mikeh
2 Replies

2. Cybersecurity

restricted telnet sessions

On AIX 4.3.3 , how telnet access will be allowed to few users only whereas other will not be able to telnet the server? (6 Replies)
Discussion started by: amit
6 Replies

3. UNIX for Advanced & Expert Users

Limiting telnet sessions on HP UX Box

Anyone know how to limit the telnet sessions on a per user basis on an HP UX Box. I would like to limit the Maximum number of telnet seesions a user can open at any give time to around 4 or 5. I have been looking and looking and do not seem to be able to find anything on this. Any help would be... (2 Replies)
Discussion started by: Witlr
2 Replies

4. Solaris

Logging Telnet Sessions

I am trying to find the following information regarding the logging of telnet sessions within a Solaris 10 environment: (1) How can I tell if the logging of telnet sessions is enabled on a Solaris 10 machine? (2) Assuming that the logging of telnet sessions is not enabled, what is the... (1 Reply)
Discussion started by: RobSand
1 Replies

5. UNIX for Dummies Questions & Answers

Automatic logging (capture screen output) of telnet/ssh sessions on a Solaris node

Hi I am working in Solaris 10 and I want to monitor logs for every telnet/ssh session that tries to connect to the server. I need these logs to be generated in a file that I can fetch using ftp. I am a new user and a stepwise detail will be great BR saGGee (3 Replies)
Discussion started by: saggee
3 Replies

6. HP-UX

maximum telnet sessions

Currenly my hp-ux server can take the default of 60 telnet connections, i want to know how i can increase this. and also can i effect such changes without doing a reboot. My server is HP-UX B.11.23 (1 Reply)
Discussion started by: tomjones
1 Replies

7. Solaris

Logging Telnet sessions ?

hello guys, Does anybody know how I can log all the telnet sessions for a specific IP. For instance, anybody who make a telnet to IP x.x.x.x this session will be logged. the purpose of it is that I need to know every command that people are running on this node. Any help ? Thanks. (1 Reply)
Discussion started by: cerioni
1 Replies

8. Shell Programming and Scripting

Executing scipts after logging into a remote host using shell script

Hi All, Sorry if it is a duplicate post. I have not got any reference about this anywhere. I looked at the posts described in SSH - Passing Unix login passwords through shell scripts - Linux / UNIX Forum and it helped me till the point to connect to the host and executing the basic commands.... (3 Replies)
Discussion started by: RSC1985
3 Replies

9. UNIX for Advanced & Expert Users

Logging User Sessions

Hello, I am using a Linux server (Ubuntu 11.04 Server) to host some files and a code repository. Because we are using ssh + svn to connect to the repository, our users have normal ssh access. What I would like to do is log their user sessions so that I have an audit trail in the event that... (2 Replies)
Discussion started by: chrisb1609
2 Replies

10. AIX

Remote Script command logging question

I've noticed that when running a script that connects to a number of our servers (to essentially run batch commands) that the commands aren't logged in the user's .sh_history or .bash_history files. Is there a place where this is logged (assuming the script itself isn't doing the logging and I'm... (3 Replies)
Discussion started by: kneemoe
3 Replies

LEARN ABOUT OPENSOLARIS

audit_event

audit_event(4)							   File Formats 						    audit_event(4)

NAME

       audit_event - audit event definition and class mapping

SYNOPSIS

       /etc/security/audit_event

DESCRIPTION

       /etc/security/audit_event  is a user-configurable ASCII system file that stores event definitions used in the audit system. As part of this
       definition, each event is mapped to one or more of the audit classes defined in audit_class(4). See audit_control(4) and audit_user(4)  for
       information  about changing the preselection of audit classes in the audit system. Programs can use the getauevent(3BSM) routines to access
       audit event information.

       The fields for each event entry are separated by colons. Each event is separated from the next by a NEWLINE.Each entry in  the  audit_event
       file has the form:

	 number:name:description:flags

       The fields are defined as follows:

       number	      Event number.

		      Event number ranges are assigned as follows:

		      0 	     Reserved as an invalid event number.

		      1-2047	     Reserved for the Solaris Kernel events.

		      2048-32767     Reserved for the Solaris TCB programs.

		      32768-65535    Available for third party TCB applications.

				     System  administrators  must  not add, delete, or modify (except to change the class mapping), events with an
				     event number less than 32768. These events are reserved by the system.

       name	      Event name.

       description    Event description.

       flags	      Flags specifying classes to which the event is mapped. Classes are comma separated, without spaces.

		      Obsolete events are commonly assigned to the special class no (invalid) to indicate they are no longer  generated.  Obsolete
		      events  are  retained  to  process old audit trail files. Other events which are not obsolete may also be assigned to the no
		      class.

EXAMPLES

       Example 1 Using the audit_event File

       The following is an example of some audit_event file entries:

	 7:AUE_EXEC:exec(2):ps,ex
	 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
	 6152:AUE_login:login - local:lo
	 6153:AUE_logout:logout:lo
	 6154:AUE_telnet:login - telnet:lo
	 6155:AUE_rlogin:login - rlogin:lo

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     | See below.		   |
       +-----------------------------+-----------------------------+

       The file format stability is Committed. The file content is Uncommitted.

FILES

       /etc/security/audit_event

SEE ALSO

       bsmconv(1M), getauevent(3BSM), audit_class(4), audit_control(4), audit_user(4)

       Part VII, Solaris Auditing, in System Administration Guide: Security Services

NOTES

       This functionality is available only if	Solaris Auditing has been enabled. See bsmconv(1M) for more information.

SunOS 5.11							    26 Jun 2008 						    audit_event(4)
All times are GMT -4. The time now is 06:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy