Operating System - HP-UX

Re: bad login capture and SU question.

 
brian_31
Super Advisor

bad login capture and SU question.

Team:

We are developing a script for bad logins. We scan through the btmp and disable the ID after 5 unsuccessful logins. The question is:
1. How do we handle the root account (they normally log in as a user and su to root)?
So, is su captured in btmp?

Thanks

Brian.
Robert-Jan Goossens
Honored Contributor

Re: bad login capture and SU question.

Brian,

How about converting your system to a trusted system?

Robert-Jan.
Pete Randall
Outstanding Contributor

Re: bad login capture and SU question.

Brian,

You need to look at /var/adm/sulog. Good su attempts are logged with a plus sign (+), bad with a minus sign (-).


Pete
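
The /var/adm/sulog check described in the reply above, as an added example that is not part of the original thread: it reports users whose current run of consecutive failed su attempts to root has reached a threshold. It assumes the conventional sulog line layout `SU MM/DD HH:MM +|- tty fromuser-touser`; the function names, sample lines and user names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find repeated failed su-to-root attempts in sulog.
# Assumed line layout (conventional System V sulog; verify on your system):
#   SU MM/DD HH:MM {+|-} tty fromuser-touser

# Constructed sample data, not taken from a real system.
sample_sulog() {
    cat <<'EOF'
SU 10/24 09:01 - ttyp1 alice-root
SU 10/24 09:02 - ttyp1 alice-root
SU 10/24 09:03 - ttyp1 alice-root
SU 10/24 09:05 - ttyp2 bob-root
SU 10/24 09:06 + ttyp2 bob-root
SU 10/24 09:07 - ttyp2 bob-root
SU 10/24 09:08 - ttyp3 carol-oracle
SU 10/24 09:09 - ttyp3 carol-oracle
SU 10/24 09:10 - ttyp3 carol-oracle
EOF
}

# su_root_failures [FILE] [THRESHOLD]
# FILE defaults to /var/adm/sulog ("-" reads stdin); THRESHOLD defaults to 5.
# Prints "user count" for every user whose run of consecutive failed
# su-to-root attempts is >= THRESHOLD. A successful su resets the run.
su_root_failures() {
    awk -v limit="${2:-5}" '
        $1 == "SU" && NF >= 6 {
            # Split fromuser-touser at the last hyphen.
            i = length($6)
            while (i > 0 && substr($6, i, 1) != "-") i--
            if (i == 0 || substr($6, i + 1) != "root") next
            from = substr($6, 1, i - 1)
            if ($4 == "-")      streak[from]++      # failed attempt
            else if ($4 == "+") streak[from] = 0    # success resets the run
        }
        END {
            for (u in streak)
                if (streak[u] >= limit) print u, streak[u]
        }
    ' "${1:-/var/adm/sulog}" | sort
}

# Demo on the constructed sample with a threshold of 3.
sample_sulog | su_root_failures - 3
```

The output names the account that performed the su, which is the account a lockout script would act on instead of root itself.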
Mark Grant
Honored Contributor

Re: bad login capture and SU question.

I am not sure if they are recorded to /etc/btmp, but they are recorded in the syslog.log.
Never precede any demonstration with anything more predictive than "watch this"
Brian Bergstrand
Honored Contributor

Re: bad login capture and SU question.

As Robert said, convert to a trusted system. You can set a global policy of 5 bad login attempts and then set a specific policy for root if you want less or more attempts. All from within sam.

Don't reinvent the wheel, let the system handle this for you. The only reason not to go trusted would be if you were using NIS.

I think Robert deserved more than one point for the suggestion. It's the right way to go.

HTH.