disable telnet log for wtmp - HP UX


  1. disable telnet log for wtmp

    Hello

    I was wondering if there is a way to exclude a login from being logged
    by wtmp.. A coworker is running an ftp program that logs into our
    server at an interval of milliseconds, and it has caused our wtmp log
    to grow outrageous in size. When you do a last on the user, there are
    literally millions of logs of his login sessions.

    I cannot seem to find anywhere through man pages or through threads, on
    how to relieve such a problem


    thank you


  2. Re: disable telnet log for wtmp

    "thesoulcrusher" writes:

    > I was wondering if there is a way to exclude a login from being logged
    > by wtmp.. A coworker is running an ftp program that logs into our
    > server at an interval of milliseconds, and it has caused our wtmp log
    > to grow outrageous in size. When you do a last on the user, there are
    > literally millions of logs of his login sessions.


    At that frequency, even the load caused by repeated password
    verifications might be non-negligible.

    Sounds like your coworker is polling some file, in a very stupid way.
    If such frequent checks are truly necessary, it would be better to
    keep the session open between attempts.

    There might be other, smarter ways to fulfill your coworker's needs.
    What exactly is he/she trying to achieve?

    > I cannot seem to find anywhere through man pages or through threads, on
    > how to relieve such a problem


    In the spirit of alt.sysadmin.recovery, I'd recommend finding a
    suitable "Clue Installation Tool" and applying it to your coworker.
    Repeat if necessary. :-D

    --
    Matti.Kurkela@welho.com

  3. Re: disable telnet log for wtmp

    Thank you for your response,


    He is running this program to check for new orders sent to our server
    from our website.


    I am not sure why he needs to keep logging in. According to him, his
    program is written in Microsoft .NET 2005, and run from Windows, and it
    cannot keep the connection alive, it keeps connecting and
    disconnecting....


    I was just hoping to deal with the wtmp file for now until he fixes
    that issue...


  4. Re: disable telnet log for wtmp

    "thesoulcrusher" writes:

    > He is running this program to check for new orders sent to our server
    > from our website.


    Is he going to process those orders in some way, or is he just
    collecting statistics?

    There might be a way to make the ordering system notify him when
    necessary, instead of this silly polling scheme.

    If that isn't possible, you might consider using Samba to make the
    orders directory viewable through the network, with appropriate
    permissions.

    > I am not sure why he needs to keep logging in. According to him, his
    > program is written in Microsoft .NET 2005, and run from Windows, and it
    > cannot keep the connection alive, it keeps connecting and
    > disconnecting....


    I kind of suspect his program is made using a "cookbook" example and
    he might not really have the skills to modify it.

    One modification should be fairly simple, at least:
    find out what is the equivalent of sleep() function (see "man 3
    sleep") in his programming language of choice.

    Then find out the structure that causes the program to keep retrying:
    it should be a loop of some sort. Then convince him to add the sleep
    function somewhere inside the loop, so that the program will spend a
    while doing nothing before or after each check it makes.

    If you can convince him that getting the information e.g. once in ten
    minutes is enough, the program can sleep for 600 seconds after each check.
    This does not completely remove the problem, but should reduce the
    number of logins to tolerable levels.

    > I was just hoping to deal with the wtmp file for now until he fixes
    > that issue...


    You might want to implement automatic wtmp log rotation and
    pre-processing: make a script that copies the current wtmp to
    a separate file, then truncates the wtmp file *immediately* after
    that.

    Then you can use the "last" command to output the content of
    wtmp in a readable form, and use "grep -v" with a suitable search
    pattern to filter your coworker's ftp logins out of the listing.
    Then archive the result as required by your security/auditing
    policies and delete the wtmp copy.

    Make a crontab entry to do this at suitable intervals, and you're
    done.

    If you do this, be sure to use suitable options with the "last"
    command so that you get all the possible information out of the wtmp
    data, as the original information will be destroyed in the process.

    This general approach would be useful every time there's a logfile
    that contains data that needs to be archived, but also some repeating
    useless information: by pre-filtering the known-useless information out,
    your logs will be much smaller and easier to archive.

    --
    Matti.Kurkela@welho.com
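
The rotation procedure described in the post above, as an added example that is not part of the original thread and not the poster's own script. The wtmp path, archive directory, account name `orderbot`, install path and the `last` options are assumptions, as is the `ftp` prefix on the tty field of ftp sessions; the sample lines used to check the filter are constructed.

```shell
#!/bin/sh
# Added example, not the poster's script. Paths, the account name and the
# "last" options are assumptions; confirm them against last(1) on the host.
WTMP=${WTMP:-/var/adm/wtmp}                        # assumed wtmp location
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/adm/wtmp.archive}  # hypothetical archive dir
NOISY_USER=${NOISY_USER:-orderbot}                 # hypothetical account
LAST_OPTS=${LAST_OPTS:--R}    # assumed: -R prints the remote host on HP-UX

# Filter "last" output on stdin. Only lines whose user field equals $1 AND
# whose tty field starts with "ftp" are dropped, so the same account's
# interactive logins and similarly named accounts stay in the record.
# A trailer line records how many entries were removed.
filter_last() {
    awk -v u="$1" '
        $1 == u && $2 ~ /^ftp/ { n++; next }
        { print }
        END { printf "# filtered %d ftp sessions for %s\n", n, u }'
}

# Copy wtmp aside, then truncate it in place right away. Truncating keeps
# the inode, owner and mode; entries written between the two steps are lost,
# which is why nothing else happens in between.
snapshot_wtmp() {
    cp -p "$1" "$2" && : > "$1"
}

rotate() {
    umask 077
    stamp=$(date +%Y%m%d%H%M%S)
    snap="$ARCHIVE_DIR/wtmp.$stamp.bin"
    raw="$ARCHIVE_DIR/last.$stamp.raw"
    out="$ARCHIVE_DIR/last.$stamp.txt"
    mkdir -p "$ARCHIVE_DIR" || return 1
    snapshot_wtmp "$WTMP" "$snap" || return 1
    # Render first, filter second: if "last" fails, the binary snapshot is
    # kept and nothing is deleted.
    last $LAST_OPTS -f "$snap" > "$raw" || return 1
    filter_last "$NOISY_USER" < "$raw" > "$out" || return 1
    rm -f "$snap" "$raw"
}

# crontab entry (hypothetical install path), hourly:
#   0 * * * * /usr/local/sbin/rotate_wtmp.sh run
if [ "${1:-}" = "run" ]; then
    rotate
fi
```

The trailer line keeps a count of what was filtered out, so the archived text still shows that the suppressed logins happened even though their individual entries are gone.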

  5. Re: disable telnet log for wtmp


    Thank you all for your help

    We did end up setting up a script to copy wtmp to another location,
    then process the file, stripping the logins.. then saving it with the
    date appended... and then obviously initializing the current wtmp file.

    I was also thinking that setting up an Apache webserver on my HP-UX box
    would be better, and use an http share, rather than ftp... But
    needless to say I am new to Apache, I have installed it, but I don't
    know how to configure it. I can't even get the service to start up, it
    just hangs...

    Anyone have a link to a good beginners guide to configuring Apache?

