Log all Telnet and FTP Connections to a Solaris Machine

Posted October 10, 2003 by indianboy in Solaris security

By default, the Solaris inetd daemon does not log the IP addresses of the machines that connect to a Solaris server. To log the IP address and connection time of every machine connecting to the server, use the following procedure.

1. cd /etc/init.d
2. vi inetsvc
3. Change the last line in the file, i.e.
/usr/sbin/inetd -s &
to
/usr/sbin/inetd -s -t &

4. Stop and start that script

./inetsvc stop
./inetsvc start

5. vi /etc/syslog.conf
6. Add the following line
daemon.notice	/var/adm/name_of_log_file (the two fields should be separated by tabs)

7. touch /var/adm/name_of_log_file
8. pkill -HUP syslogd

After these changes, all connections started through the inetd daemon, such as Telnet and FTP, will be logged to the newly created file.
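A quick check of the two file edits above, as an added example that is not part of the original post. The function names are made up for illustration, and the syslog check looks only for the exact stand-alone line from step 6, not for daemon.notice inside a combined selector.

```shell
#!/bin/sh
# Added example (not from the original post): verify steps 3 and 6.
# Function names are hypothetical. Typical use on the server:
#   check_inetd_trace /etc/init.d/inetsvc
#   check_syslog_line /etc/syslog.conf

TAB=$(printf '\t')

# Returns 0 if an uncommented line starts /usr/sbin/inetd with the
# -t flag (connection tracing), 1 otherwise.
check_inetd_trace() {
    while read -r line || [ -n "$line" ]; do
        case $line in
            \#*) continue ;;                 # skip comments
            */usr/sbin/inetd*)
                for word in $line; do        # split on whitespace
                    [ "$word" = "-t" ] && return 0
                done ;;
        esac
    done < "$1"
    return 1
}

# Prints the log file named by a tab-separated daemon.notice line.
# Returns 0 if found, 2 if the selector is present but followed by
# spaces instead of tabs, 1 if there is no such line at all.
check_syslog_line() {
    logfile=$(sed -n \
        "s|^daemon\.notice${TAB}${TAB}*\(/[^ ${TAB}]*\).*|\1|p" "$1" |
        head -n 1)
    if [ -n "$logfile" ]; then
        echo "$logfile"
        return 0
    fi
    if grep "^daemon\.notice[ ${TAB}]" "$1" >/dev/null; then
        return 2                             # wrong separator
    fi
    return 1
}
```

A return value of 2 from check_syslog_line points at the separator problem the note in step 6 warns about.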

This is also very useful for auditing purposes when NTP is enabled. NTP gives a consistent time throughout the enterprise, so accountability can be implemented in the organization.
