
Enabling the syslog facility to report Login, Telnet.

In this task, you will configure syslog to capture important information, such as root login attempts and the source IP addresses of inbound connections to services like Telnet and FTP, to a log file.

1) Edit the /etc/syslog.conf file and tell syslog to log all login activity to a file called /var/adm/authlogs, and to log all inbound telnet and ftp sessions to a file called /var/adm/inetdlogs. In syslog.conf the selector (facility.level) and the action (the file name) must be separated by tab characters, not spaces.

 # vi /etc/syslog.conf
 auth.info          /var/adm/authlogs
 daemon.notice      /var/adm/inetdlogs

2) Create two empty files called /var/adm/authlogs and /var/adm/inetdlogs.

 # touch /var/adm/authlogs
 # touch /var/adm/inetdlogs

3) Edit the /etc/init.d/inetsvc script and add the -t option so that inetd starts in TCP connection tracing mode. The inetd daemon is invoked on the last line of the /etc/init.d/inetsvc script.

 # vi /etc/init.d/inetsvc

 <output omitted>
 
 /usr/sbin/inetd -s -t &

4) Edit the /etc/inetd.conf file and add -dl (debugging and logging) to the end of the ftp service line.

 # vi /etc/inetd.conf

 ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd -dl
 
5) Restart the inetd daemon via its /etc/init.d run control script.

 # cd /etc/init.d
 # ./inetsvc stop
 # ./inetsvc start
 
6) Stop the syslog daemon via its /etc/init.d run control script. DO NOT RESTART IT YET!

 # /etc/init.d/syslog stop

7) Open up three additional terminal windows. In window #1, tail the /var/adm/authlogs. In window #2, tail the /var/adm/inetdlogs. In window #3, start syslog in debug mode in the foreground. Observe the output of the debug and look for any possible errors.
  
    [1] # tail -f /var/adm/authlogs
    [2] # tail -f /var/adm/inetdlogs
    [3] # syslogd -d

8) Open a fourth terminal window. Telnet to your own host and complete a successful root login.

 [4] # telnet localhost
 
9) Note the output in all three terminal windows.

 What kind of information was captured for:
 
  terminal window #1 (/var/adm/authlogs)
  
  Jan 30 13:32:30 hostname login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/5 FROM localhost
  
  terminal window #2 (/var/adm/inetdlogs)
  
  Jan 30 13:06:46 hostname inetd[441]: [ID 317013 daemon.notice] telnet[588] from 127.0.0.1 32870
  
  terminal window #3 (syslogd -d) 
  
writemsg(5): Logging msg ‘Jan 30 13:59:42 inetd[441]: [ID 317013 daemon.notice] telnet[625] from 127.0.0.1 32873’ to FILE /var/adm/messages 
writemsg(7): Logging msg ‘Jan 30 13:59:42 inetd[441]: [ID 317013 daemon.notice] telnet[625] from 127.0.0.1 32873’ to FILE /var/adm/inetdlogs

# Tested on 5.9 -> no daemon.notice message is generated

writemsg(4): Logging msg ‘Jan 30 13:59:45 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/12 FROM localhost’ to CONSOLE /dev/sysmsg
writemsg(6): Logging msg ‘Jan 30 13:59:45 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/12 FROM localhost’ to FILE /var/adm/authlogs

 For terminal windows #1 and #2, which facility and level were logged to the log files?
 
  terminal window #1 auth.notice
  
  terminal window #2 daemon.notice
  
10) Exit out of your telnet session in the fourth terminal window.

 [4] # exit
 
11) In terminal window #4, edit the /etc/default/login file and have syslog generate a message after 3 failed login attempts.
   
     [4] # vi /etc/default/login
     SYSLOG_FAILED_LOGINS=2
 
12) In terminal window #4, telnet to your host and attempt 3 unsuccessful root logins.

 Which file did syslog write to? Both.
 
 What was the facility and level of the auth messages?  auth.notice
  
13) In terminal window #4, send a kill signal to syslogd. Start syslogd in terminal window #3 via the /etc/init.d run control script. Exit the two tail sessions in terminal windows #1 and #2 (Control-C). Close all terminal windows.
   
     [4] # pkill -9 syslogd
     [3] # cd /etc/init.d
     [3] # ./syslog start
     [1] ^c
     [1] # exit
     [2] ^c
     [2] # exit
     [3] # exit
     [4] # exit
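Once the two log files fill up, the next question is what to do with them. As an added example (not part of the original lab), the following Python script parses lines in the Solaris syslog format shown in step 9 (`[ID msgid facility.level]` prefix), counts inetd connections per service and source address, counts root logins per origin, and flags root logins that did not come from localhost. The sample lines are constructed for the example; the 192.0.2.77 address is a documentation placeholder, not a real host.

```python
import re
from collections import Counter

# Solaris syslog line: "Mon DD HH:MM:SS host prog[pid]: [ID msgid facility.level] text"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"\[ID (?P<msgid>\d+) (?P<facility>\w+)\.(?P<level>\w+)\] (?P<text>.*)$"
)
# Message bodies written by login(1) and by inetd -t, as seen in /var/adm/authlogs and /var/adm/inetdlogs
ROOT_LOGIN_RE = re.compile(r"^ROOT LOGIN (?P<tty>\S+) FROM (?P<src>\S+)$")
INETD_RE = re.compile(r"^(?P<svc>\w+)\[\d+\] from (?P<ip>\S+) (?P<port>\d+)$")

# Constructed sample lines in the page's format (192.0.2.77 is a placeholder address)
SAMPLE_LOGS = """\
Jan 30 13:32:30 hostname login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/5 FROM localhost
Jan 30 13:06:46 hostname inetd[441]: [ID 317013 daemon.notice] telnet[588] from 127.0.0.1 32870
Jan 30 13:40:01 hostname inetd[441]: [ID 317013 daemon.notice] telnet[601] from 192.0.2.77 41022
Jan 30 13:40:09 hostname login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/6 FROM 192.0.2.77
Jan 30 13:41:00 hostname inetd[441]: [ID 317013 daemon.notice] ftp[611] from 192.0.2.77 41030
"""

def parse_line(line):
    """Return a dict of fields for one Solaris syslog line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def summarize(text):
    """Count inetd connections per (service, source IP) and root logins per origin.
    Root logins whose origin is not localhost/127.0.0.1 are collected as remote_root."""
    conns, root_logins, remote_root = Counter(), Counter(), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        if rec["facility"] == "daemon" and (m := INETD_RE.match(rec["text"])):
            conns[(m["svc"], m["ip"])] += 1
        elif rec["facility"] == "auth" and (m := ROOT_LOGIN_RE.match(rec["text"])):
            root_logins[m["src"]] += 1
            if m["src"] not in ("localhost", "127.0.0.1"):
                remote_root.append((rec["ts"], m["src"], m["tty"]))
    return {"connections": conns, "root_logins": root_logins, "remote_root": remote_root}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOGS).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Run it against the real files by replacing SAMPLE_LOGS with the contents of /var/adm/authlogs and /var/adm/inetdlogs concatenated; the same parse_line() works for /var/adm/messages.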
