Security log

The security log contains the job transactions that attempt to violate system and user security measures. It is used to aid in detecting attacks on the systems. An attempted security violation is detected when the requester fails to pass the security checks specified in the Permissions(4bnu) file or tries to access a protected source or destination file. The occurrence is logged for further analysis in the /var/spool/uucp/.Admin/security file. Two different entries can appear in the security log:

xfer

file transfer

rexe

remote execution

File transfer (xfer) security log

An entry has the following format:

type rname rlogin dname dlogin dfile sname slogin sfile size modify start end

where:

type

record type (always xfer)

rname

requester node name

rlogin

requester user login

dname

destination node name

dlogin

destination user login

dfile

destination filename

sname

source node name

slogin

source file owner login

sfile

source filename

size

source file size in bytes

modify

modification date and time of source file

start

date and time that transfer started

end

date and time that transfer completed

An example entry is:

xfer ihnp1 user1 mach1 user2 uucp.c ihnp1 user1 uucp.c \
34567 (5/19-16:10) (5/20-11:10:29) (5/20-11:18:20)

Remote execution (rexe) security log

An entry has the following format:

type rname rlogin dlogin time command

where:

type

record type (always rexe)

rname

client (requesting) node name

rlogin

client (requesting) user login

dlogin

server (destination) user login

time

date and time that command was executed by server

command

command name and options

An example entry is:

rexe ihnp1 user1 user2 (5/20-15:28:32) (pwd)