HPE Community
Operating System - HP-UX
1753902 Members
9432 Online
108810 Solutions
New Discussion юеВ

Re: Log Of Failed Login Attempts?

 
SOLVED
Go to solution
Mark Duffy
Advisor

тАО03-14-2002 02:57 AM

тАО03-14-2002 02:57 AM

Log Of Failed Login Attempts?

Hi all,

This morning a trusted server of mine running 10.20 deactivated an account due to 3 failed login attempts. As a result, scripts running ftp's using the account failed. I don't partuclarly want to increase this users number of retries to more than say 5 (starts to defeat the purpose of the server running in trusted mode). What I do want to know is where a log of failed login attempts is held so I can write a script the will mail a warning to reactivate the account before built in scripts start to fail - obvioulsy making sure these a genuine fails rather than hacks first!!

Does such a log exist?

Cheers,

Mark
0 Kudos
Reply
5 REPLIES 5
Peter Kloetgen
Esteemed Contributor

тАО03-14-2002 03:01 AM

тАО03-14-2002 03:01 AM

Solution

Re: Log Of Failed Login Attempts?

Hi Mark,

login information is stored in utmp and wtmp files in /etc and /var/adm. These files have a non- ASCII structure. Several commands like who and last read their information out of these files. See man utmp and wtmp to get information how to work with these files.

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
Reply
steven Burgess_2
Honored Contributor

тАО03-14-2002 03:03 AM

тАО03-14-2002 03:03 AM

Re: Log Of Failed Login Attempts?

Hi

You can also get ftpd to write to the syslog

Check the /etc/inetd.conf file

append -l to ftpd entry to enable logging

You can also increase this by entering -v to debug

Steve
take your time and think things through
Reply
steven Burgess_2
Honored Contributor

тАО03-14-2002 03:06 AM

тАО03-14-2002 03:06 AM

Re: Log Of Failed Login Attempts?

Hi

forgot to mention, once you have ammended the file, enter

inetd -c

to get inetd to re-read it's config file

Do not leave -v (verbose logging) enabled as it may increase your syslog.log file depending on how busy the server is
take your time and think things through
0 Kudos
Reply
Mark Duffy
Advisor

тАО03-14-2002 03:17 AM

тАО03-14-2002 03:17 AM

Re: Log Of Failed Login Attempts?

Thanks guys. I never realised that wtmp could contain bad login info as well as successful. I see that btmp holds bad login info so I'll find a way of manipulating that. I have my ftp set to log so my script could also look at that output as well.

Cheers,

Mark
0 Kudos
Reply
Mark Duffy
Advisor

тАО03-14-2002 03:29 AM

тАО03-14-2002 03:29 AM

Re: Log Of Failed Login Attempts?

An added question to this. In case my script does not run before a 5th failed login attempt, does a trusted system write to a log file once it has deactivated an account which I could let my script examine?

Thanks again,

Mark
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.