Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

SGI security Frequently Asked Questions (FAQ)
Section - -4- How can I log more information about logins?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Counties ]


Top Document: SGI security Frequently Asked Questions (FAQ)
Previous Document: -3- How can I configure IRIX to be more secure?
Next Document: -5- How can I make an anonymous or restricted FTP account?
See reader questions & answers on this topic! - Help others by sharing your knowledge

  - 'last', 'who', etc. get remote login information from
    /var/adm/utmpx and /var/adm/wtmp. That information is only logged
    into these files if they already exist. To create them, do
    'touch /var/adm/utmpx /var/adm/wtmpx'. The analogous files under
    IRIX 4.0.x are /etc/xutmp and /etc/xwtmp.

  - If you're running IRIX 5.3, install patch 420 to fix a bug which
    causes xterm(1) to log logins incorrectly.

  - As described in the login(1) manpage, you can add the line
    'syslog=all' to /etc/config/login.options (IRIX 4.0.x) or change the
    line 'SYSLOG=FAIL' in /etc/default/login to 'SYSLOG=ALL' (IRIX 5.x)
    to log all login attempts, not just successful ones, in
    /var/adm/SYSLOG. Under IRIX 5.x only, the same change in
    /etc/default/su has the same effect on 'su' attempts.

  - 'ftpd', 'rshd', 'tftpd' and 'fingerd' all have options ('-l' or
    '-L') which cause them to log all accesses. See their manpages.
    'ftpd' also has '-ll' and '-lll' options (undocumented before IRIX
    5.x) which log individual file transfers and the sizes of those
    files respectively.  Add the options to the last fields (not the
    second-to-last) of the appropriate lines of /etc/inetd.conf, then do
    'killall -HUP inetd' or reboot.

  - Consider using Wietse Venema's tcp_wrappers, at
    ftp://ftp.win.tue.nl/pub/security/. This allows you not only to log
    most types of connections, but to restrict connections from
    particular hosts and prevent some forms of address spoofing.
    README.IRIX in current versions of tcp_wrappers describes a number
    of ways in which it does not work well with IRIX, some of them
    serious. tcp_wrappers is still useful, but read README.IRIX
    carefully and test your configuration to be sure it's working.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: SGI security Frequently Asked Questions (FAQ)
Previous Document: -3- How can I configure IRIX to be more secure?
Next Document: -5- How can I make an anonymous or restricted FTP account?

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
sgi-faq@viz.tamu.edu (The SGI FAQ group)





Last Update March 27 2014 @ 02:12 PM