To log all Telnet , FTP Connections to a Solaris Machine

Contributor Icon Contributed by indianboy Date Icon October 10, 2003  
Tag Icon Tagged: Solaris security

By default , the solaris inetd deamon does not log the IP address of the machines that are connecting to Solaris Server . To enable the logging of all the IP addresses of machines connecting to the server and the connection time ………..


By default , the solaris inetd deamon does not log the IP address of the machines that are connecting to Solaris Server . To enable the logging of all the IP addresses of machines connecting to the server and the connection time the following changes can be incorporated

1. cd /etc/init.d
2. vi inetsvc
3. Change the last line in the file, ie
/usr/sbin/inetd -s &
to /usr/sbin/inetd -s -t &

4. Stop and Start that script

./inetsvc stop
./inetsvc start

5. vi /etc/syslog.conf
6 . Add the following line
deamon.notice /var/adm/name_of_log_file ( the two fields should be seperated by tabs )

7. touch /var/adm/name_of_log_file
8. kill -HUP syslogd

After these changes are made all connections that are started through the inetd deamon ( Telnet , FTP ) etc will be logged to the new file created

This is also very useful for auditing purposes with NTP protocol enabled which gives us a consistent time throughout the enterprise, accountability can be implemented in the organisation.

Previous recipe | Next recipe |
 
  • Anonymous
    These instructions are very good, however, I wanted to point out a typo in the instructions. The word is daemon, not deamon. Didn't want this to cause any issues for anyone. See this link for clarification and correct spelling:

    http://www.webopedia.com/TERM/d/daemon.html
blog comments powered by Disqus