HPE Community
Operating System - HP-UX
1833513 Members
2780 Online
110061 Solutions
New Discussion

Re: Bad login attempts

 
SOLVED
Go to solution
susee_sundar
Regular Advisor

‎06-08-2006 10:35 PM

‎06-08-2006 10:35 PM

Bad login attempts

Hi

Where i will find the unsuccesful login attempts in hp unix
0 Kudos
10 REPLIES 10
Torsten.
Acclaimed Contributor

‎06-08-2006 10:38 PM

‎06-08-2006 10:38 PM

Re: Bad login attempts

# lastb

do a man for "last" or "lastb" for more information.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
rariasn
Honored Contributor

‎06-08-2006 10:42 PM

‎06-08-2006 10:42 PM

Re: Bad login attempts

Hi susee

Man last # lastb

rgs,

ran
0 Kudos
Arunvijai_4
Honored Contributor

‎06-08-2006 10:42 PM

‎06-08-2006 10:42 PM

Re: Bad login attempts

# lastb -R

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
rariasn
Honored Contributor

‎06-08-2006 10:43 PM

‎06-08-2006 10:43 PM

Re: Bad login attempts

Hi susee

Man last and lastb

rgs,

ran
0 Kudos
Enrico P.
Honored Contributor

‎06-08-2006 10:46 PM

‎06-08-2006 10:46 PM

Solution

Re: Bad login attempts

Hi,

/var/adm/btmp

File utmp contains a record of all users logged onto the system. File
btmp contains bad login entries for each invalid logon attempt. File
wtmp contains a record of all logins and logouts.

from man wtmp

This file are used by last, who, write, and login comand.

Enrico
0 Kudos
Steven E. Protter
Exalted Contributor

‎06-08-2006 10:50 PM

‎06-08-2006 10:50 PM

Re: Bad login attempts

Shalom,

Its very important from the security standpoint to make sure /var/adm/btmp and /var/adm/wtmp exist on the system.

You can use these files and the lastb last command to run audit reports and spot problem users. With the -R or -r parameter lastb provides the login ip address.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Delrish
Trusted Contributor

‎06-08-2006 10:52 PM

‎06-08-2006 10:52 PM

Re: Bad login attempts

last and lastb indicate last logins of users and ttys. Al so it shows you all the login attempts. As I know you cannot get the unsuccessful logings with these commands.
0 Kudos
rariasn
Honored Contributor

‎06-08-2006 10:58 PM

‎06-08-2006 10:58 PM

Re: Bad login attempts

Hi,


The lastb command searches backwards through the database file
/var/adm/btmp to display bad login information. Access to
/var/adm/btmp should be restricted to users with appropriate
privileges (owned by and readable only by root) because it may contain
password information.

rgs,
ran
0 Kudos
susee_sundar
Regular Advisor

‎06-08-2006 11:05 PM

‎06-08-2006 11:05 PM

Re: Bad login attempts

/var/adm/btmp file contains the information of
bad login attempts

THANKS to ALL
0 Kudos
inventsekar_1
Respected Contributor

‎06-08-2006 11:11 PM

‎06-08-2006 11:11 PM

Re: Bad login attempts

all answered ur question.

little more info:

/var/adm/sulog
/var/adm/shutdownlog
------------------
/var/adm/wtmp -successful logins
/var/adm/btmp -bad logins
/etc/utmp -info for "who" and "write"
use "strings" command to view these file.

Be Tomorrow, Today.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.