HPE Community
Operating System - HP-UX
1752670 Members
5610 Online
108789 Solutions
New Discussion

Re: btmp file is not populating

 
SOLVED
Go to solution
Terry Conrad
Senior Member

‎02-28-2012 12:42 PM

‎02-28-2012 12:42 PM

btmp file is not populating

I have an old system still at HP-UX version 11.11. The btmp file does not populate (wtmp does). Any ideas on this? I do not have a lot of failed logins on this machine, but I know there are some.

 

 

0 Kudos
Reply
6 REPLIES 6
Dennis Handly
Acclaimed Contributor

‎02-28-2012 01:16 PM

‎02-28-2012 01:16 PM

Re: btmp file is not populating

What was the last modification date?

0 Kudos
Reply
Terry Conrad
Senior Member

‎02-28-2012 01:22 PM

‎02-28-2012 01:22 PM

Re: btmp file is not populating

It was last modified earlier today  (actually created earlier today, as I tried removing it and re-creating it).

 

It had no failed login information then, and is still not tracking failed logins

 

 

0 Kudos
Reply
pradeep m
Respected Contributor

‎02-29-2012 03:26 AM

‎02-29-2012 03:26 AM

Re: btmp file is not populating

 

What is the output of the below commands? does it fail with any errror?

# lastb 

or 

# lastb -R

 

/var/adm/btmps stores the bad login details. The "lastb" command reads the /var/adm/btmps for bad login details. 

If you find any error reported for the above command, try to rename the btmps file and recreate and check it.

 

# mv /var/adm/btmps /var/adm/btmps.old

# touch /var/adm/btmps

Now try to login the server with invalid user/password, so the  /var/adm/btmps file get updated.

# lastb -R (check if the command lists the expected output)

 

for details refer the man page of "lastb". 

Regards,
Pradeep

I am an HP Employee
A quick resolution to technical issues for your HP Enterprise products is just a click away HP Support Center Knowledge-base
See Self Help Post for more details


Reply
Terry Conrad
Senior Member

‎02-29-2012 08:21 AM

‎02-29-2012 08:21 AM

Re: btmp file is not populating

this box is still 11iv1, so I think it uses btmp

 

lastb and lastb -R return only 'btmp begins Wed Feb 29 10:15' (that btmp file is empty)

 

I did rename the old file, touch a new one, and mis-type my login...again, the file is totally empty

 

I have tried different owner and group permissions on this file; different read/write/execute permissions on this file; I can not get failed logins to write there

 

 

 

0 Kudos
Reply
Terry Conrad
Senior Member

‎02-29-2012 08:40 AM

‎02-29-2012 08:40 AM

Re: btmp file is not populating

an update...

 

This is an old box, but is still in use. It does not normally have a console connected to it. Telnet is not available on this box, I get to it with ssh. I hooked our console to this server, and mis-typed my login. This did show up as a failed login.

 

Is it possible failed ssh logins are written somewhere else, or not at all?

 

 

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎02-29-2012 10:37 AM

‎02-29-2012 10:37 AM

Solution

Re: btmp file is not populating

telnet sends bad login information to the btmp file but ssh is a self-contained authentication system, so it logs failed attempts in syslog using the "auth" facility. Look for "failed" in syslog (there may unrelated failed messages). A better way to handle authentication is to create a separate log just for authentication and pull out all the "auth" records from syslog. Do this with syslog.conf:

 

*.info;mail.none;auth.none       /var/adm/syslog/syslog.log

auth.info       /var/adm/syslog/auth.log

NOTE: *NO* spaces allowed on any line except comments. Put another way, any space character turns the entire line (silently) into a coment. Use tabs.

 

What the above lines do is to log all info messages except no logging of anything for mail and auth records. The second line sends all auth records to the file: /var/adm/syslog/auth.log

 

This (ssh logging) is standard behavior for all versions of HP-UX.



Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.