
Invalid Logins

SOLVED
Eric Coulter_1
Occasional Contributor


What is the equivalent of the Solaris loginlog in HP-UX?
6 REPLIES
Pete Randall
Outstanding Contributor

Re: Invalid Logins

/var/adm/btmp


Pete

James R. Ferguson
Acclaimed Contributor

Re: Invalid Logins

Hi Eric:

# /var/adm/wtmp

...for good logins

# /var/adm/btmp

...for bad attempts

If the file isn't present, or it is removed, logging never occurs.

Regards!

...JRF...
Ken Hubnik_2
Honored Contributor

Re: Invalid Logins

last and lastb for bad logins.
Uday_S_Ankolekar
Honored Contributor

Re: Invalid Logins

/var/adm/wtmp for good and /var/adm/btmp for bad logins.

The last command will show individuals' last login times.

-USA..
Good Luck..
Steven E. Protter
Exalted Contributor
Solution

Re: Invalid Logins

Attached is a script for monitoring bad logins for hp-ux.

It can be set to disable logins, but I run it on a trusted system and that aspect is handled by the OS now.

This one checks root, but obviously that's easy to change.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Yogeeraj_1
Honored Contributor

Re: Invalid Logins

hi,

If you want to monitor login attempts, below is one script we use to monitor root.

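===========================================================
#!/bin/ksh
# Watch syslog and mail an alert for su attempts to root and for
# logins accepted by inetd (login/tcp).

MAILTO=your.name@yourcompany.com

# No filename expansion: $line is left unquoted inside the echo | cut
# pipelines so that runs of spaces (e.g. "Jan  5") collapse and the
# field numbers stay stable.
set -f

tail -1f /var/adm/syslog/syslog.log | while read -r line ; do
    # su failure (" - ") or success (" + ") with root as the target
    echo "$line" | grep -q " - .*root$" && (echo su unsuccessful - `echo $line | cut -d" " -f1,2,3,10` | mailx "$MAILTO")
    echo "$line" | grep -q " + .*root$" && (echo su successful - `echo $line | cut -d" " -f1,2,3,10` | mailx "$MAILTO")

    # inetd logged a login/tcp connection: look up the user of its child process
    if echo "$line" | grep -q "login/tcp" ; then
        # ksh runs the last stage of a pipeline in the current shell, so read sets the variable
        echo "$line" | sed 's/.*inetd.\([0-9][0-9]*\).*/\1/' | read PID
        ps -elf | awk '$5 == PID {print $3}' PID="$PID" | read USER
        echo `echo $line | cut -d" " -f1,2,3` - $USER logged in | mailx "$MAILTO"
    fi
done
===========================================================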

hope this helps too!

regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
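
As an added example (not part of any reply above, and not the script Steven attached): a per-user summary of failed logins from lastb output that first checks /var/adm/btmp exists, since per the replies nothing is logged without it. The function names, the threshold and the sample lines are assumptions constructed for illustration; real lastb columns may differ, so only the first field (login name) is used.

```shell
#!/bin/sh
# Added example, not from the thread. /var/adm/btmp and lastb come from the
# replies; THRESHOLD and all function names are hypothetical.
BTMP=${BTMP:-/var/adm/btmp}
THRESHOLD=${THRESHOLD:-3}

# btmp_ready FILE: succeed only if FILE exists, because failed logins are
# recorded only while the file is present.
btmp_ready() {
    [ -f "$1" ]
}

# count_failures: read lastb-style lines on stdin (first field = login name)
# and print "count user", highest count first. The trailing
# "btmp begins ..." summary line is skipped.
count_failures() {
    awk 'NF >= 2 && $2 != "begins" { n[$1]++ }
         END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

# over_threshold N: keep only the users with N or more failures.
over_threshold() {
    awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample in the general shape of lastb output.
sample_lastb() {
    cat <<'EOF'
root     pts/ta       Mon Mar  3 10:15
root     pts/ta       Mon Mar  3 10:15
oracle   pts/tb       Mon Mar  3 10:16
root     pts/tc       Mon Mar  3 10:17
btmp begins Mon Mar  3 10:15
EOF
}

# report: use the real log when it is there, otherwise warn and fall back
# to the constructed sample so the script still demonstrates its output.
report() {
    if btmp_ready "$BTMP" && command -v lastb >/dev/null 2>&1; then
        lastb 2>/dev/null | count_failures
    else
        echo "warning: $BTMP missing or lastb unavailable; using sample" >&2
        sample_lastb | count_failures
    fi
}

report | over_threshold "$THRESHOLD"
```

Reading btmp normally requires root, so run this from root's crontab and mail the output rather than loosening the file's permissions.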