
Invalid Logins

Eric Coulter_1
Occasional Contributor

Invalid Logins

What is the equivalent of the Solaris loginlog in HP-UX?
6 REPLIES
Pete Randall
Outstanding Contributor

Re: Invalid Logins

/var/adm/btmp


Pete

James R. Ferguson
Acclaimed Contributor

Re: Invalid Logins

Hi Eric:

# /var/adm/wtmp

...for good logins

# /var/adm/btmp

...for bad attempts

If the file isn't present, or it is removed, logging never occurs.

Regards!

...JRF...
Ken Hubnik_2
Honored Contributor

Re: Invalid Logins

last and lastb for bad logins.
Uday_S_Ankolekar
Honored Contributor

Re: Invalid Logins

/var/adm/wtmp for good and /var/adm/btmp for bad logins.

The last command will show individuals' last login times.

-USA..
Good Luck..
Steven E. Protter
Exalted Contributor
Solution

Re: Invalid Logins

Attached is a script for monitoring bad logins for HP-UX.

It can be set to disable logins, but I run it on a trusted system and that aspect is handled by the OS now.

This one checks root, but obviously that's easy to change.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Yogeeraj_1
Honored Contributor

Re: Invalid Logins

hi,

If you want to monitor login attempts, below is one script we use to monitor root.

===========================================================
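#!/bin/ksh
# Mail an alert for each su attempt to root and each login/tcp session seen
# in syslog. Relies on ksh running the last stage of a pipeline in the
# current shell, so "... | read VAR" sets VAR here.

MAILTO=your.name@yourcompany.com

# Follow the log starting from its last line.
tail -1f /var/adm/syslog/syslog.log | while read line ; do
    # $line is left unquoted on purpose: echo collapses repeated spaces
    # (e.g. "Jan  5"), which keeps the cut field numbers stable.
    # " - " marks a failed su to root, " + " a successful one.
    echo $line | grep -q " - .*root$" && (echo su unsuccessful - $(echo $line | cut -d" " -f1,2,3,10) | mailx $MAILTO)
    echo $line | grep -q " + .*root$" && (echo su successful - $(echo $line | cut -d" " -f1,2,3,10) | mailx $MAILTO)

    # inetd logs the PID it spawned for login/tcp; the owner of that
    # process's child is the user who logged in.
    if echo $line | grep -q "login/tcp" ; then
        echo $line | sed 's/.*inetd.\([0-9][0-9]*\).*/\1/' | read PID
        ps -elf | awk '$5 == PID{print $3}' PID=$PID | read USER
        echo $(echo $line | cut -d" " -f1,2,3) - $USER logged in | mailx $MAILTO
    fi
done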
===========================================================

hope this helps too!

regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
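
Several replies point at /var/adm/btmp and lastb, and one notes that nothing is logged when the file is missing. The sketch below is an added example, not part of the thread or any poster's script: it checks that a btmp file exists and is closed to group/other (failed-login records can contain passwords typed at the login prompt by mistake), and counts failures per attempted name. The function names, the sample lines and the "btmp begins" trailer format are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes lastb-style lines whose first
# whitespace-separated field is the login name that was tried.

# check_btmp FILE: return 0 only if FILE exists and is closed to group/other.
# A missing file means bad logins are not recorded at all; a readable one can
# expose passwords that were typed into the login: prompt by mistake.
check_btmp() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING: $f (create it to start logging bad logins)"
        return 1
    fi
    perms=$(ls -ld "$f" | cut -c5-10)    # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "LOOSE: $f is accessible to group/other"
        return 2
    fi
    echo "OK: $f"
}

# bad_login_summary THRESHOLD: read lastb-style lines on stdin and print
# "count name" for every name with at least THRESHOLD failures, worst first.
bad_login_summary() {
    awk -v min="$1" '
        NF == 0 || $1 == "btmp" { next }   # skip blanks and the trailer line
        { n[$1]++ }
        END { for (u in n) if (n[u] >= min) print n[u], u }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (not real log data). "Summer24" stands for a
# password typed where the user name was expected.
sample_lastb() {
    cat <<'EOF'
root     pts/ta   Mon Mar  3 10:01
root     pts/ta   Mon Mar  3 10:01
root     pts/tb   Mon Mar  3 10:02
oracle   pts/tc   Mon Mar  3 11:15
Summer24 console  Mon Mar  3 11:40
root     pts/ta   Mon Mar  3 12:00

btmp begins Sun Mar  2 00:00
EOF
}

# Example run: sample_lastb | bad_login_summary 2
```

On a live host the same functions would be fed real data, for example `check_btmp /var/adm/btmp` followed by `lastb | bad_login_summary 5`.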