SUMMARY: rexec logging

From: <>
Date: Wed Mar 02 2005 - 12:53:52 EST
Thanks for the help gurus.
Most people said to stop using rexec, which i realize and need to do.
This requires me to train the users on how to use ssh, i will do that in
the future.
For now, most people said more rexec logging cannot be done, but Cyril
suggested this solution, I have not tested it yet.



For successfull logins :
In /etc/hosts.allow

in.rexecd: your IPs separed by a space \
        : banners /usr/local/etc/banners
        : spawn (/usr/sbin/safe_finger -l @%h 2>&1 |\
        /usr/bin/logger -i -p local0.notice -t tcpwrapper %u on %c made a
successfull "%d" on "%H" ) &

To deny all other :
in /etc/hosts.deny

in.rexecd: ALL \
        : banners /usr/local/etc/banners
        : spawn (/usr/sbin/safe_finger -l @%h 2>&1 |\
        /usr/bin/logger -i -p local0.notice -t tcpwrapper %u on %c
attempted an "%d" on "%H" ) &

Banners is of course optionnal, and must be some text files with the same
name that the deamon accessed (here in.rexec by exemple)  which contain you

For further information, man -s 5 hosts_access

      Hi Gurus,
      I have a solaris 8 server, some users use rexec from their windows pc
      start an Xwindows application.
      I have enabled tcp wrappers in /etc/inet/inetd.conf and now get this
      logging info from syslog when they connect:

      Mar  1 12:03:57 mysunserver in.rexecd[5193]: [ID 927837]

      I need to also log their username and log failed logins from rexec,
      this is all I am getting in my syslog.
      Is there a way I can log usernames and failed logins from rexec?
      thank you!

      here is my syslog.conf:

      *.info                                          /var/adm/messages
      *.info                                          /dev/sysmsg

      here is my rexec entry in /etc/inet/inetd.conf:

      exec  stream  tcp     nowait  root    /usr/local/bin/tcpd
      exec  stream  tcp6    nowait  root    /usr/local/bin/tcpd

      This e-mail message is for the sole use of the intended recipient(s)
      may contain proprietary, confidential and/or privileged information.
      unauthorized review, use, disclosure or distribution is prohibited.
      If you
      are not the intended recipient (or an employee or agent responsible
      deliver it to the intended recipient), you may not copy or deliver
      message to anyone. In such case, you should destroy this message and
      notify the sender by reply e-mail.
sunmanagers mailing list
Received on Wed Mar 2 12:54:29 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:44 EST