Up: SGI security Frequently Asked Questions (FAQ)
Next: -5- How can I make an anonymous or restricted FTP account?
Previous: -3- How can I configure IRIX to be more secure?
Subject: ! -4- How can I log more information about logins?
Date: 06 Dec 1995 00:00:01 EST
- 'last', 'who', etc. get remote login information from
/var/adm/utmpx and /var/adm/wtmp. That information is only logged
into these files if they already exist. To create them, do
'touch /var/adm/utmpx /var/adm/wtmpx'. The analogous files under
IRIX 4.0.x are /etc/xutmp and /etc/xwtmp.
+ - If you're running IRIX 5.3, install patch 420 to fix a bug which
+ causes xterm(1) to log logins incorrectly.
- As described in the login(1) manpage, you can add the line
'syslog=all' to /etc/config/login.options (IRIX 4.0.x) or change the
line 'SYSLOG=FAIL' in /etc/default/login to 'SYSLOG=ALL' (IRIX 5.x)
to log all login attempts, not just successful ones, in
/var/adm/SYSLOG. Under IRIX 5.x only, the same change in
/etc/default/su has the same effect on 'su' attempts.
- 'ftpd', 'rshd', 'tftpd' and 'fingerd' all have options ('-l' or
'-L') which cause them to log all accesses. See their manpages.
'ftpd' also has '-ll' and '-lll' options (undocumented before IRIX
5.x) which log individual file transfers and the sizes of those
files respectively. Add the options to the last fields (not the
second-to-last) of the appropriate lines of /etc/inetd.conf, then do
'killall -HUP inetd' or reboot.
- Consider using TCP wrappers. Besides logging, these allow you to
restrict connections to individual TCP daemons to particular hosts
and prevent some forms of address spoofing. You can get source code
from ftp://ftp.win.tue.nl/pub/security/.
Up: SGI security Frequently Asked Questions (FAQ)
Next: -5- How can I make an anonymous or restricted FTP account?
Previous: -3- How can I configure IRIX to be more secure?