RSH Command
My thanks to:
Pravin Chavan <prchavan@pcsbom.patni.com>,
Casper Dik <casper@holland.Sun.COM>,
Jochen Bern <bern@TI.Uni-Trier.DE>,
Ronald Loftin <reloftin@mailbox.syr.edu>,
Peter Polasek <pete@cobra.brass.com>,
Jason Marshall <jasonm@vsl.com>,
mpotter@balink.com (MATTHEW POTTER),
and any other that may arrive after I send this summary.
Should I received any "other" information not covered here I'll repost and
update to this summary, however
1. RSH does NOT log remote activity
2. TCP wrappers would be the way to go. I am not good with tcp wrappers
so I may research it. I was more looking for a "Switch" that could be
toggle to log rsh activity.
3. One suggested that the who and last would give that information, I have
found out that is not so.
Below are the responses;
From: Pravin Chavan <prchavan@pcsbom.patni.com>
Date: Wed, 22 Apr 1998 13:28:05 +0530
Subject: Re: RSH command
Hi Angel,
After rsh'ing to a remote machine, the command
"who" (run on the remote machine) will show your
id as well. In this case "last" will also show
the time your rsh'd (again run "last" on the
remote machine).
BTW, this info. is stored in /var/adm/utmp(x)
files. Check if these files are emptied on the
remote machine. If they are empty, then last
does not give any output.
Regards,
Pravin
From: Casper Dik <casper@holland.Sun.COM>
To: Angel Ortiz <cherub@lava.net>
Subject: Re: RSH command
Date: Wed, 22 Apr 1998 10:18:37 +0200
Only interactive logins are entered in utmp/utmpx
Command logging through 'acct' or using auditing are your next options.
Casper
From: Jochen Bern <bern@TI.Uni-Trier.DE>
Date: Wed, 22 Apr 1998 12:01:06 +0200 (MET DST)
Subject: Re: RSH command
Reply-To:bern@uni-trier.de
Not by Default. If you put the Servers behind TCP Wrappers, however,
you can have Logs detailing the Connections made, logged with ori-
ginating Host and possibly the Result of an identd Request thereto;
No Way that I'm aware of to log the Username actually used on the
local Side, though.
Regards,
From: Ronald Loftin <reloftin@mailbox.syr.edu>
To: Angel Ortiz <cherub@lava.net>
Date: Wed, 22 Apr 1998 10:04:13 -0400 (EDT)
Subject: Re: RSH command
You would probably have to install TCP wrappers to log rsh activity.
From: Peter Polasek <pete@cobra.brass.com>
To: Angel Ortiz <cherub@lava.net>
Date: Wed, 22 Apr 1998 10:37:55 -0400 (EDT)
Subject: Re: RSH command
Don't have an answer (sorry), please summarize the responses you receive
because I also have an interest in this.
Thanks,
Peter Polasek
From: Jason Marshall <jasonm@vsl.com>
To: Angel Ortiz <cherub@lava.net>
Date: Wed, 22 Apr 1998 09:08:47 -0600 (MDT)
Subject: Re: RSH command
I don't know about rsh, but ssh (secure shell) logs all this stuff any
time a connection is made from another host. Not in wtmpx, but via
syslog. rsh might be able to do the same thing, haven't checked.
Jason
From:mpotter@balink.com (MATTHEW POTTER)
Subject: Re: RSH command
To: Angel Ortiz <cherub@lava.net>
Date: Wed, 22 Apr 1998 09:43:46 -0400
Get tcp wrappers and wrap rsh. or run inetd with a -ts flag.
