[prev in list] [next in list] [prev in thread] [next in thread]
List: sentry
Subject: [Abacus] hostSentry on Solaris 2.6
From: Gary Casterline <casterln () nature ! Berkeley ! EDU>
Date: 2000-01-11 0:48:28
[Download RAW message or body]
Hello,
I'm having some problems with what gets log from hostSentry
on our Solaris 2.6 machine.
Apparently the Host: is not being reported consistently and
the ForeignDomain module is getting fired way too often.
Jan 10 16:22:41 nature.Berkeley.EDU hostSentry[9053]:
securityalert: LOGIN User: casterln TTY: pts/2 Host: nature.Berkeley.EDU
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
securityalert: LOGIN User: casterln TTY: pts/2 Host:
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
securityalert: Foreign domain login detected for user: casterln from:
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
securityalert: Action being taken for user: casterln
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
securityalert: Module requesting action is: moduleForeignDomain
Jan 10 16:22:44 nature.Berkeley.EDU hostSentry[9053]:
securityalert: Action complete for module: moduleForeignDomain
The first entry is fine, since Berkeley.EDU is in the
moduleForeignDomain.allow file. But the second has nothing
reported as the Host: and the ForeignDomain is executed.
I'm suspicious of my WTMP_FORMAT for the /var/adm/utmpx file:
# SOLARIS 2.6 utmpx
# WTMP_FORMAT = "372/36:32/0:32/114:256"
What are other Solaris 2.6 folks using?
Thanks,
_Gary
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic