AIX

  • 1.  Disabling Remote Logging in AIX 6.1

    Posted Thu May 27, 2010 12:31 AM

    Originally posted by: elros.elrond


    Peace all,

    My office recently bought a new AIX 6.1 machine.
    We usually use Solaris so I have little experience in AIX.

    One of our security hardening standards is to disable remote logging of syslogd.
    In Solaris, depending on the version, you'll only have to tinker with /etc/init.d/syslog, or /etc/default/syslogd, or using the svcadm command.

    How can I do something similar in AIX 6.1?
    Any help will be greatly appreciated.

    Thanks,
    e.e
    #AIX-Forum


  • 2.  Re: Disabling Remote Logging in AIX 6.1

    Posted Thu May 27, 2010 02:21 PM

    Originally posted by: Juredd1


    I am not a syslog expert, but I do not believe that AIX will be remote logging without you specifically setting it up to remote log in the syslog.conf file.

    A fresh install of AIX 6.1 will not even be logging locally without you setting it up in syslog.conf and refreshing the syslogd daemon.
    #AIX-Forum


  • 3.  Re: Disabling Remote Logging in AIX 6.1

    Posted Fri May 28, 2010 11:25 AM

    Originally posted by: elros.elrond


    Peace Juredd1,

    I'm not sure, but since port 514 is listening, the syslogd may be started to accept remote logging by default.

    =adley=
    #AIX-Forum


  • 4.  Re: Disabling Remote Logging in AIX 6.1

    Posted Thu May 27, 2010 07:41 PM

    Originally posted by: esv


    You would need to start syslogd with the -r flag. Since syslogd is controlled by startsrc/stopsrc/etc., you can either modify the ODM or modify /etc/rc.tcpip. It is much easier to modify /etc/rc.tcpip, but if you ever have to restart syslogd you would have to remember to use the -r flag, so going at the ODM is the safest route. I would believe that after applying a service pack or technology level, both ODM entries and /etc/rc.tcpip would get wiped out, so the process would have to be followed again.

    To modify it in the /etc/rc.tcpip file, just add a "-r" next to 'start /usr/sbin/syslogd "$src_running"'; your line would read:

    start /usr/sbin/syslogd "$src_running" "-r"

    But every time you start syslogd from the command line, hopefully using stopsrc -s syslogd and startsrc -s syslogd instead of refresh -s syslogd, you would need to specify the -a flag to include the -r parameter. Your command would be like this:

    stopsrc -s syslogd
    startsrc -s syslogd -a "-r"

    regards,
    esv.
    #AIX-Forum


  • 5.  Re: Disabling Remote Logging in AIX 6.1

    Posted Thu May 27, 2010 07:51 PM

    Originally posted by: esv


    Going at the ODM is a little bit tricky, but once you get used to the ODM command set you should be just fine. Working directly with the ODM is a bit tricky, and it is advisable to have a full system backup in case of disaster.

    First do:

    create a backup of the ODM files: tar -cvf /tmp/odm.tar /etc/objrepos
    retrieve the ODM stanza for syslogd: odmget -q "subsysname = syslogd" SRCsubsys > /tmp/file

    edit /tmp/file to add a "-r" in the cmdargs line, your line should read like this:

    cmdargs = "-r"

    save the file.

    next, delete the syslogd stanza from the ODM: odmdelete -q "subsysname = syslogd" -o SRCsubsys

    now, add the saved stanza for syslogd in /tmp/file: odmadd /tmp/file
    start syslogd from the command line: startsrc -s syslogd

    If you need to restore the ODM files, restore the files from the tar file created above. The ODM is a single database composed of several files, and it is best to restore them all at the time of backup.

    P.S. use at your own risk....

    best regards & good luck,
    esv.
    #AIX-Forum


  • 6.  Re: Disabling Remote Logging in AIX 6.1

    Posted Fri May 28, 2010 11:28 AM

    Originally posted by: elros.elrond


    Peace esv,

    I will try both of your options on Monday on my DEV machine.
    I'll let you know the results then.
    Thanks a lot for the input.

    e.e
    #AIX-Forum


  • 7.  Re: Disabling Remote Logging in AIX 6.1

    Posted Fri May 28, 2010 10:15 AM

    Originally posted by: MNK


    You can also enable it with the commands below.

    chssys -s syslogd -a "-r"

    startsrc -s syslogd

    lssrc -S -s syslogd <- A -r will be in the third field
    #AIX-Forum


  • 8.  Re: Disabling Remote Logging in AIX 6.1

    Posted Tue June 01, 2010 12:09 AM

    Originally posted by: Kosala


    Interestingly, adding "-r" for syslogd does not change much. I can still see udp4 bound to port 514, although the man page says it suppresses remote messages!!!

    Kosala
    #AIX-Forum


  • 9.  Re: Disabling Remote Logging in AIX 6.1

    Posted Tue June 01, 2010 06:55 AM

    Originally posted by: jklotz


    A given daemon may use a network socket, even if this is only to receive messages from local processes. As long as any message sent by a remote computer is discarded, syslogd is working as expected :)
    #AIX-Forum


  • 10.  Re: Disabling Remote Logging in AIX 6.1

    Posted Fri June 18, 2010 10:00 AM

    Originally posted by: elros.elrond


    Peace all,

    Just a quick update.
    After adding "-r" to the startup script of syslogd, I still encountered an open UDP port 514.

    Several days of tinkering and reading later, I modified the startup arguments from "-r" to "-rRN".
    For some reason, after I did this, the UDP port 514 is no longer detected by netstat.

    I guess this should do for now.

    Thanks for all the help,
    e.e
    #AIX-Forum


  • 11.  Re: Disabling Remote Logging in AIX 6.1

    Posted Tue June 22, 2010 04:03 AM

    Originally posted by: funksen


    The reason is the -R flag.

    From the man page:

    
    -r  Suppresses logging of messages received from remote hosts.
    -R  When specified, disables the facility to receive messages from the network using the internet domain socket.
    

    #AIX-Forum
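
The outcome of the thread (post 10's observation and post 11's man-page explanation) can be turned into a repeatable hardening check. The script below is an added example, not part of any poster's message: it reads the cmdargs field that post 7 points to in `lssrc -S` output and compares it with what `netstat -an` shows for UDP port 514. The function names and the abbreviated sample data are constructed for illustration.

```sh
# Added example; function names and sample data are constructed.
# Print syslogd's cmdargs: third colon-separated field of `lssrc -S -s syslogd`
# output read on stdin. The '#subsysname:...' header never matches.
syslogd_cmdargs() {
    awk -F: '$1 == "syslogd" { print $3; exit }'
}

# Succeed if flag letter $1 occurs in an option cluster of "$2", so both
# "-r -R" and the combined "-rRN" form are recognised.
has_flag() {
    for word in $2; do
        case $word in
            -*"$1"*) return 0 ;;
        esac
    done
    return 1
}

# Succeed if `netstat -an` output on stdin shows a UDP socket whose local
# address ends in port 514 (AIX prints it as "*.514").
udp514_bound() {
    awk '$1 ~ /^udp/ && $4 ~ /[.:]514$/ { hit = 1 } END { exit (hit ? 0 : 1) }'
}

# $1 = lssrc -S output, $2 = netstat -an output; prints a one-line verdict.
audit_syslogd() {
    args=$(printf '%s\n' "$1" | syslogd_cmdargs)
    if printf '%s\n' "$2" | udp514_bound; then
        if has_flag R "$args"; then
            echo "STALE: -R configured but udp/514 still bound"
        else
            echo "OPEN: udp/514 bound and -R missing (cmdargs: '$args')"
        fi
    elif has_flag R "$args"; then
        echo "CLOSED: -R configured and udp/514 not bound"
    else
        echo "UNPINNED: udp/514 not bound but -R missing (cmdargs: '$args')"
    fi
}
# Constructed, abbreviated sample data (not captured from a real host).
LSSRC_r='#subsysname:synonym:cmdargs:path:uid:
syslogd::-r:/usr/sbin/syslogd:0:'
LSSRC_rRN='#subsysname:synonym:cmdargs:path:uid:
syslogd::-rRN:/usr/sbin/syslogd:0:'
NET_OPEN='udp4       0      0  *.514        *.*
tcp4       0      0  *.22         *.*        LISTEN'
NET_CLOSED='tcp4       0      0  *.22         *.*        LISTEN'
audit_syslogd "$LSSRC_r" "$NET_OPEN"
audit_syslogd "$LSSRC_rRN" "$NET_CLOSED"
```

On a live AIX host the same function can be fed real output with `audit_syslogd "$(lssrc -S -s syslogd)" "$(netstat -an)"`.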