03-26-2011
If you're worried about security and trying to track root logins, the first thing you need to do is stop using telnet and start using ssh for remote access.
As far as tracking logins (and other events) on Solaris, that's what auditing does. Just google "Solaris audit".
LEARN ABOUT OPENSOLARIS
audit_event
audit_event(4) File Formats audit_event(4)
NAME
audit_event - audit event definition and class mapping
SYNOPSIS
/etc/security/audit_event
DESCRIPTION
/etc/security/audit_event is a user-configurable ASCII system file that stores event definitions used in the audit system. As part of this
definition, each event is mapped to one or more of the audit classes defined in audit_class(4). See audit_control(4) and audit_user(4) for
information about changing the preselection of audit classes in the audit system. Programs can use the getauevent(3BSM) routines to access
audit event information.
The fields for each event entry are separated by colons. Each event is separated from the next by a NEWLINE. Each entry in the audit_event
file has the form:

    number:name:description:flags

The fields are defined as follows:

number         Event number.
               Event number ranges are assigned as follows:

               0              Reserved as an invalid event number.
               1-2047         Reserved for the Solaris Kernel events.
               2048-32767     Reserved for the Solaris TCB programs.
               32768-65535    Available for third party TCB applications.

               System administrators must not add, delete, or modify (except to change the class mapping), events with an
               event number less than 32768. These events are reserved by the system.

name           Event name.

description    Event description.

flags          Flags specifying classes to which the event is mapped. Classes are comma separated, without spaces.
               Obsolete events are commonly assigned to the special class no (invalid) to indicate they are no longer generated. Obsolete
               events are retained to process old audit trail files. Other events which are not obsolete may also be assigned to the no
               class.
EXAMPLES
Example 1 Using the audit_event File
The following is an example of some audit_event file entries:
    7:AUE_EXEC:exec(2):ps,ex
    79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
    6152:AUE_login:login - local:lo
    6153:AUE_logout:logout:lo
    6154:AUE_telnet:login - telnet:lo
    6155:AUE_rlogin:login - rlogin:lo
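The following parser for the entry format described above is an added example, not part of the man page or of Solaris. It lists which events feed a given audit class (for instance lo, the class carrying the login events shown above) and tags each event with its reserved number range. The function names, the skipping of "#" comment lines, and the entry numbered 40000 are assumptions made for illustration.

```python
from typing import NamedTuple

# Constructed sample: the six entries from EXAMPLES above, plus a comment
# line and a made-up third-party entry (40000) mapped to the "no" class.
SAMPLE = """\
# comment and blank lines are skipped (assumption about the real file)
7:AUE_EXEC:exec(2):ps,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - telnet:lo
6155:AUE_rlogin:login - rlogin:lo
40000:AUE_example_app:hypothetical third-party event:no
"""

# Event number ranges as listed under the "number" field.
RANGES = ((1, 2047, "kernel"), (2048, 32767, "solaris-tcb"),
          (32768, 65535, "third-party"))

class AuditEvent(NamedTuple):
    number: int
    name: str
    description: str
    classes: tuple
    owner: str

def owner_of(number):
    """Return the range an event number is reserved for, or 'invalid'."""
    for low, high, who in RANGES:
        if low <= number <= high:
            return who
    return "invalid"  # 0 and anything outside 1-65535

def parse_audit_event(text):
    """Parse number:name:description:flags lines into AuditEvent tuples."""
    events = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # Peel number and name from the left and flags from the right,
            # so the free-text description stays in one piece.
            number, name, rest = line.split(":", 2)
            description, flags = rest.rsplit(":", 1)
            num = int(number)
        except ValueError:
            raise ValueError(f"line {lineno}: expected number:name:description:flags") from None
        classes = tuple(f for f in flags.split(",") if f)
        events.append(AuditEvent(num, name, description, classes, owner_of(num)))
    return events

def events_in_class(events, cls):
    """Names of all events mapped to audit class cls, in file order."""
    return [e.name for e in events if cls in e.classes]
```

Calling events_in_class(parse_audit_event(SAMPLE), "lo") returns the four login and logout event names from the sample; pointing the parser at the contents of /etc/security/audit_event gives the same view of a live system's class mapping.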
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability | See below. |
+-----------------------------+-----------------------------+
The file format stability is Committed. The file content is Uncommitted.
FILES
/etc/security/audit_event
SEE ALSO
bsmconv(1M), getauevent(3BSM), audit_class(4), audit_control(4), audit_user(4)
Part VII, Solaris Auditing, in System Administration Guide: Security Services
NOTES
This functionality is available only if Solaris Auditing has been enabled. See bsmconv(1M) for more information.
SunOS 5.11 26 Jun 2008 audit_event(4)