
Enabling syslog facility for remote logging

In this task you will learn how to consolidate syslog messages for security auditing. Depending on class size, you may need to do this exercise with a partner.
Your host will be the server and its terminal windows will be denoted with an x.
The other host will be the client and its terminal windows will be denoted by a y.
If you choose not to have a partner, be sure that steps 3-5 have been completed on the client host BEFORE you start this task.

1) Open two terminal windows on both hosts.
On the client host terminal window #1, edit the syslog.conf file and instruct syslog to forward all login, telnet, and ftp information to the server host.

    [y1] # vi /etc/syslog.conf

    auth.info                                       @server
    daemon.notice                                   @server

2) On the client host terminal window #1, stop the syslog service via /etc/init.d. DO NOT RESTART IT YET!

    [y1] # cd /etc/init.d
    [y1] # ./syslog stop
 
3) On the client host terminal window #2, start the syslog service in debug mode in the foreground. Check for any debug errors.
  
    [y2] # syslogd -d
    
4) On the server host terminal window #1, start the syslog service via /etc/init.d. DO NOT RESTART IT YET!

    [x1] # cd /etc/init.d
    [x1] # ./syslog start

5) On the server host terminal window #2, start the syslog service in debug mode in the foreground. Check for any debug errors.
  
    [x2] # syslogd -d

6) On the client host terminal window #1, telnet to the client host and successfully complete a root login.

    [y1] # telnet localhost
 
7) Note the debug output of syslogd on the client host.

    How many messages were generated by syslogd on the client host? Four messages were generated.

    Where did syslogd send the messages? Two messages stayed local and two were forwarded.
 
8) Note the debug output of syslogd on the server host.

    How can you tell that the server host received messages from the client host?

    net_poll(14): received message from 12.22.215.93.128.34
    writemsg(7): Logging msg ‘Jan 30 14:04:54 inetd[340]: [ID 317013 daemon.notice] telnet[360] from 127.0.0.1 32787’ to FILE /var/adm/inetdlogs

    Are there entries in the /var/adm/authlogs or /var/adm/inetdlogs?

    How do you know they are from the client host?

9) On the client and server hosts, send a kill signal to syslogd. Start syslogd in terminal window #3 via the /etc/init.d run control script. Close all terminal windows.

    [y1] # pkill -9 syslogd
    [y1] # cd /etc/init.d
    [y1] # ./syslog start
    [y1] # exit
    [y2] # exit
    [x1] # pkill -9 syslogd
    [x1] # cd /etc/init.d
    [x1] # exit
    [x2] # exit
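The questions in steps 7 and 8 come down to predicting which syslog.conf rules a given message matches. The following script is an added example, not part of the original exercise: it parses a constructed syslog.conf fragment and classifies constructed log lines by the `[ID nnn facility.level]` tag that Solaris syslogd writes, reporting which messages would stay local, be forwarded to `@server`, or both. It also flags the classic Solaris mistake of separating selector and action with spaces instead of a tab, which makes syslogd silently ignore the line. The host name `server`, the file paths and every log line are assumptions built for the demo; the level ordering and the "last selector for a facility wins" rule follow the standard BSD syslog.conf semantics.

```python
"""Predict where Solaris syslog.conf would route a set of messages.

Added example (not part of the original lab). All input below is
constructed inline so the script runs offline.
"""
import re

# syslog(3) levels, most to least severe; a selector "fac.level" matches
# messages at that level or more severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LEVEL_RANK = {name: rank for rank, name in enumerate(LEVELS)}
LEVEL_RANK.update(panic=LEVEL_RANK["emerg"], error=LEVEL_RANK["err"], warn=LEVEL_RANK["warning"])

# Constructed syslog.conf. The second rule deliberately uses spaces instead
# of a tab, so Solaris syslogd would not forward daemon.notice at all.
SYSLOG_CONF = """\
# forward authentication and daemon activity to the central log host
auth.info\t@server
daemon.notice  @server
auth.info\t/var/adm/authlogs
daemon.notice\t/var/adm/inetdlogs
*.err;kern.notice;auth.notice\t/dev/sysmsg
mail.none\t/var/adm/messages
"""

# Constructed messages in the "[ID nnn facility.level]" style shown in step 8.
SAMPLE_LOG = [
    "Jan 30 14:04:54 inetd[340]: [ID 317013 daemon.notice] telnet[360] from 127.0.0.1 32787",
    "Jan 30 14:04:58 login[361]: [ID 644210 auth.info] ROOT LOGIN /dev/pts/3",
    "Jan 30 14:05:02 sendmail[220]: [ID 702911 mail.info] queue run",
    "Jan 30 14:05:10 su[370]: [ID 366847 auth.notice] 'su root' succeeded on /dev/pts/3",
]

TAG_RE = re.compile(r"\[ID \d+ (?P<facility>[a-z0-9]+)\.(?P<level>[a-z]+)\]")


def parse_conf(text):
    """Return (rules, warnings); a rule is ([(facility, level), ...], action)."""
    rules, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if "\t" not in line:
            # Solaris syslogd requires a tab between selector and action.
            warnings.append(f"line {lineno}: no tab between selector and action: {line!r}")
            continue
        selector_text, action = line.split("\t", 1)
        selectors = []
        for part in selector_text.split(";"):          # "a.lvl;b.lvl"
            facilities, level = part.strip().rsplit(".", 1)
            for fac in facilities.split(","):          # "a,b.lvl"
                selectors.append((fac.strip(), level.strip()))
        rules.append((selectors, action.strip()))
    return rules, warnings


def selector_matches(selectors, facility, level):
    """BSD semantics: the last selector naming this facility decides;
    '.none' excludes the facility and '*' matches everything."""
    matched = False
    for fac, lvl in selectors:
        if fac != "*" and fac != facility:
            continue
        if lvl == "none":
            matched = False
        elif lvl == "*":
            matched = True
        else:
            matched = LEVEL_RANK[level] <= LEVEL_RANK[lvl]
    return matched


def route(rules, facility, level):
    """Actions (files, @hosts, ...) a facility.level message reaches, in conf order."""
    return [action for selectors, action in rules if selector_matches(selectors, facility, level)]


def classify_log(rules, lines):
    """Pair each log line with its destinations; lines without an ID tag get None."""
    report = []
    for line in lines:
        m = TAG_RE.search(line)
        report.append((line, route(rules, m["facility"], m["level"]) if m else None))
    return report


def summarize(report):
    """Count messages by destination class: local file only, remote only, both, or dropped."""
    counts = {"local_only": 0, "remote_only": 0, "both": 0, "dropped": 0}
    for _, actions in report:
        if not actions:
            counts["dropped"] += 1
            continue
        remote = any(a.startswith("@") for a in actions)
        local = any(not a.startswith("@") for a in actions)
        counts["both" if remote and local else "remote_only" if remote else "local_only"] += 1
    return counts


if __name__ == "__main__":
    rules, warnings = parse_conf(SYSLOG_CONF)
    for w in warnings:
        print("WARNING", w)
    report = classify_log(rules, SAMPLE_LOG)
    for line, actions in report:
        print(actions, "<-", line)
    print(summarize(report))
```

Run it before restarting syslogd on the client: a warning about a missing tab, or a message you expected at `@server` showing up as `local_only`, is exactly the kind of mismatch the debug output in steps 3 and 5 would otherwise reveal only after the fact.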
     
