
Enabling syslog facility for remote logging

In this task you will learn how to consolidate syslog messages on one host for security auditing. Depending on class size, you may need to do this exercise with a partner.
Your host will be the server, and its terminal windows are denoted with an x.
The other host will be the client, and its terminal windows are denoted with a y.
If you choose not to have a partner, make sure steps 3-5 have been completed on the client host BEFORE you start this task.

1) Open two terminal windows on both hosts.
On the client host, in terminal window #1, edit the syslog.conf file and instruct syslog to forward all login, telnet, and ftp information to the server host. The selector and the action must be separated by a tab, not spaces; syslogd silently ignores a line whose fields are separated by spaces.

    [y1] # vi /etc/syslog.conf

    auth.info                                       @server
    daemon.notice                                   @server
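Because a forwarding rule with the wrong separator fails without any error message, it is worth checking the edited file before restarting syslogd. The POSIX shell script below is an added example, not part of the original exercise: it reports every selector/action line that has no tab in it and lists the hosts the file forwards to. It runs against a constructed sample configuration written to a temporary file; `loghost.example` stands in for the server host.

```shell
#!/bin/sh
# Added example (not from the original exercise): sanity-check a Solaris-style
# syslog.conf before restarting syslogd. Solaris syslogd needs a TAB between the
# selector and the action; a line separated by spaces only is ignored, which is
# the usual reason a new "@server" rule forwards nothing.

TAB="$(printf '\t')"

# Lines with content but no tab anywhere (comments and blank lines skipped).
bad_separator_lines() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | grep -v "$TAB"
    return 0
}

# Number of such broken lines (0 when the file is clean).
bad_separator_count() {
    bad_separator_lines "$1" | awk 'END { print NR }'
}

# Hosts this file forwards to ("@host" actions), one per line, de-duplicated.
remote_targets() {
    grep -v '^[[:space:]]*#' "$1" | sed -n 's/.*@\([^[:space:]]*\).*/\1/p' | sort -u
    return 0
}

# Constructed sample: the two rules from the exercise, one local rule, and one
# deliberately broken rule that uses spaces instead of a tab.
make_sample_conf() {
    f="${TMPDIR:-/tmp}/syslog.conf.sample.$$"
    {
        printf '# constructed sample, not a real configuration\n'
        printf 'auth.info\t@loghost.example\n'
        printf 'daemon.notice\t@loghost.example\n'
        printf '*.err;kern.notice\t/var/adm/messages\n'
        printf 'local0.info        /var/adm/local0log\n'
    } > "$f"
    echo "$f"
}

# Human-readable report; exit status 1 if any rule would be ignored.
check_syslog_conf() {
    n="$(bad_separator_count "$1")"
    echo "forwarding to: $(remote_targets "$1" | tr '\n' ' ')"
    if [ "$n" -gt 0 ]; then
        echo "$n rule(s) use spaces instead of a tab and will be ignored:"
        bad_separator_lines "$1" | sed 's/^/    /'
        return 1
    fi
    echo "all rules are tab-separated"
}

sample="$(make_sample_conf)"
check_syslog_conf "$sample" || echo "fix /etc/syslog.conf before restarting syslogd"
rm -f "$sample"
```

Run it as `sh check.sh` after editing; on a real host replace the sample path with `/etc/syslog.conf`. Remember that `@server` forwarding uses plain UDP port 514 with no authentication or encryption, so the server should only accept messages from the lab network.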

2) On the client host, in terminal window #1, stop the syslog service via /etc/init.d. DO NOT RESTART IT YET!

    [y1] # cd /etc/init.d
    [y1] # ./syslog stop
 
3) On the client host terminal window #2, start the syslog service in debug mode in the foreground. Check for any debug errors.
  
    [y2] # syslogd -d
    
4) On the server host, in terminal window #1, start the syslog service via /etc/init.d. DO NOT RESTART IT YET!

    [x1] # cd /etc/init.d
    [x1] # ./syslog start

5) On the server host terminal window #2, start the syslog service in debug mode in the foreground. Check for any debug errors.
  
    [x2] # syslogd -d

6) On the client host terminal window #1, telnet to the client host and successfully complete a root login.
    
 [y1] # telnet localhost
 
7) Note the debug output of syslogd on the client host.

 How many messages were generated by syslogd on the client host? Four messages were generated
 
 Where did syslogd send the messages? Two messages stayed local and two were forwarded
 
8) Note the debug output of syslogd on the server host.

 How can you tell that the server host received messages from the client host?

    net_poll(14): received message from 12.22.215.93.128.34
    writemsg(7): Logging msg 'Jan 30 14:04:54 inetd[340]: [ID 317013 daemon.notice] telnet[360] from 127.0.0.1 32787' to FILE /var/adm/inetdlogs

 Are there entries in /var/adm/authlogs or /var/adm/inetdlogs?

 How do you know they are from the client host?
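The two debug lines above are enough to answer step 8 mechanically once you know their shape: `net_poll` reports each datagram that arrived from the network, and the address after "received message from" is in TLI universal-address form `a.b.c.d.p1.p2`, where the sender's UDP port is `p1*256 + p2` (so `128.34` is port 32802). The POSIX shell script below is an added example, not part of the original exercise: it reads a saved `syslogd -d` transcript, decodes the sending host and port, counts received datagrams, and lists the files `writemsg` wrote to. The transcript it parses is constructed, modeled on the two lines shown above; every message ID in it other than 317013 is a placeholder. A UDP source address is easy to spoof, so treat the `net_poll` address as a correlation hint and confirm against the hostname inside the logged message.

```shell
#!/bin/sh
# Added example (not from the original exercise): read a saved "syslogd -d"
# transcript from the server host and report where messages came from and
# which files they were written to.

# "12.22.215.93.128.34" -> "12.22.215.93:32802" (universal address: port = p1*256 + p2).
# Prints nothing for input that is not six dotted numbers.
uaddr_to_hostport() {
    echo "$1" | awk -F. 'NF == 6 { printf "%s.%s.%s.%s:%d\n", $1, $2, $3, $4, $5 * 256 + $6 }'
}

# Count of datagrams syslogd reported receiving from the network.
received_count() {
    grep -c '^net_poll([0-9]*): received message from ' "$1" || true
}

# Distinct sending host:port pairs, decoded from universal-address form.
remote_sources() {
    sed -n 's/^net_poll([0-9]*): received message from \([0-9.]*\).*/\1/p' "$1" | sort -u |
        while read -r ua; do uaddr_to_hostport "$ua"; done
}

# Distinct files that writemsg() logged to.
files_written() {
    sed -n 's/^writemsg([0-9]*): Logging msg .* to FILE \([^ ]*\)$/\1/p' "$1" | sort -u
    return 0
}

# Constructed transcript modeled on the two lines shown in the exercise.
# Message IDs other than 317013 are placeholders, not real Solaris IDs.
make_sample_debug() {
    f="${TMPDIR:-/tmp}/syslogd-debug.sample.$$"
    cat > "$f" <<'EOF'
net_poll(14): received message from 12.22.215.93.128.34
writemsg(7): Logging msg 'Jan 30 14:04:54 inetd[340]: [ID 317013 daemon.notice] telnet[360] from 127.0.0.1 32787' to FILE /var/adm/inetdlogs
net_poll(14): received message from 12.22.215.93.128.34
writemsg(7): Logging msg 'Jan 30 14:04:58 login: [ID 000000 auth.info] ROOT LOGIN /dev/pts/2 FROM localhost' to FILE /var/adm/authlogs
writemsg(7): Logging msg 'Jan 30 14:05:03 su: [ID 000000 auth.notice] su root succeeded for lab on /dev/pts/1' to FILE /var/adm/authlogs
EOF
    echo "$f"
}

# Print the answers to the step-8 questions for one transcript.
report() {
    echo "datagrams received from the network: $(received_count "$1")"
    echo "sending hosts (ip:port):"
    remote_sources "$1" | sed 's/^/    /'
    echo "files written by writemsg():"
    files_written "$1" | sed 's/^/    /'
}

sample="$(make_sample_debug)"
report "$sample"
rm -f "$sample"
```

To use it on a real run, capture the server's debug output with `syslogd -d 2>&1 | tee /tmp/syslogd-debug.txt` in window x2 and pass that file to `report`. If the sending host listed is not the client, or no `net_poll` lines appear at all, the client's syslog.conf or the path between the hosts is the first thing to check.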

9) On the client and server hosts, send a kill signal to syslogd. Start syslogd in terminal window #3 via the /etc/init.d run control script. Close all terminal windows.

     [y1] # pkill -9 syslogd
     [y1] # cd /etc/init.d
     [y1] # ./syslog start
     [y1] # exit
     [y2] # exit
     [x1] # pkill -9 syslogd
     [x1] # cd /etc/init.d
     [x1] # exit
     [x2] # exit
     

Category: Sun Solaris