List:       sentry
Subject:    [Abacus] hostSentry on Solaris 2.6
From:       Gary Casterline <casterln () nature ! Berkeley ! EDU>
Date:       2000-01-11 0:48:28

Hello,

I'm having some problems with what gets logged from hostSentry
on our Solaris 2.6 machine.
Apparently the Host: is not being reported consistently and
the ForeignDomain module is getting fired way too often.

Jan 10 16:22:41 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: LOGIN User: casterln TTY: pts/2 Host: nature.Berkeley.EDU
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: LOGIN User: casterln TTY: pts/2 Host: 
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: Foreign domain login detected for user: casterln from: 
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: Action being taken for user: casterln
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: Module requesting action is: moduleForeignDomain
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: Action complete for module: moduleForeignDomain

The first entry is fine, since Berkeley.EDU is in the
moduleForeignDomain.allow file.  But the second has nothing
reported as the Host: and the ForeignDomain is executed.

I'm suspicious of my WTMP_FORMAT for the /var/adm/utmpx file:

# SOLARIS 2.6 utmpx
# WTMP_FORMAT = "372/36:32/0:32/114:256"

What are other Solaris 2.6 folks using?

Thanks,

 _Gary
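
A triage sketch for the symptom described in the message above, as an added example that is not part of the original post or of hostSentry itself: it scans hostSentry syslog output for LOGIN records with an empty Host: field and checks whether a ForeignDomain alert with an empty from: followed for the same user at the same timestamp. The function names are hypothetical, and the sample input is the log excerpt from the post, trimmed to the first three entries.

```python
import re

# Log excerpt copied from the post (first three entries, wrapped as posted).
SAMPLE_LOG = """\
Jan 10 16:22:41 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: LOGIN User: casterln TTY: pts/2 Host: nature.Berkeley.EDU
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: LOGIN User: casterln TTY: pts/2 Host:
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
  securityalert: Foreign domain login detected for user: casterln from:
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\shostSentry\[\d+\]:\s+securityalert:\s+"
LOGIN_RE = re.compile(
    PREFIX + r"LOGIN User: (?P<user>\S+) TTY: (?P<tty>\S+) Host:\s*(?P<host>\S*)\s*$")
FOREIGN_RE = re.compile(
    PREFIX + r"Foreign domain login detected for user: (?P<user>\S+) from:\s*(?P<host>\S*)\s*$")

def join_wrapped(log_text):
    """Re-join entries whose message part was wrapped onto an indented line."""
    entries = []
    for line in log_text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()
        elif line.strip():
            entries.append(line.rstrip())
    return entries

def find_blank_host_logins(log_text):
    """Return LOGIN records with no host, flagged if ForeignDomain fired on them."""
    findings = []
    for entry in join_wrapped(log_text):
        m = LOGIN_RE.match(entry)
        if m:
            if not m.group("host"):
                findings.append({"ts": m.group("ts"), "user": m.group("user"),
                                 "tty": m.group("tty"), "foreign_alert": False})
            continue
        m = FOREIGN_RE.match(entry)
        if m and not m.group("host"):
            # Pair the alert with a blank-host LOGIN for the same user and second.
            for f in findings:
                if f["user"] == m.group("user") and f["ts"] == m.group("ts"):
                    f["foreign_alert"] = True
    return findings

if __name__ == "__main__":
    for f in find_blank_host_logins(SAMPLE_LOG):
        print(f)
```
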
