HPE Community
Operating System - HP-UX
1819862 Members
2647 Online
109607 Solutions
New Discussion юеВ

Re: Detecting failed logins in Trusted System???

 
SOLVED
Go to solution
Kenneth Platz
Esteemed Contributor

тАО09-12-2006 06:04 AM

тАО09-12-2006 06:04 AM

Detecting failed logins in Trusted System???

Hey everyone,

I've been levied by our in-house security team to write a script that will email our systems admins whenever someone attempts to login as root and fails.

For users attempting to login through "su" and "ssh", this is pretty straightforward, as these are logged in the sulog and syslog.log, respectively. However, the logins through "telnet" (yes, we haven't been allowed to turn that off yet, go figure), for some reason do NOT log in syslog, at least not for Trusted Systems.

My requirement is that I need to detect when someone generates enough failed logins (5) to kick them out of the login program. Can someone please point me in the right direction on this?

Thanks in advance!
I think, therefore I am... I think!
0 Kudos
Reply
4 REPLIES 4
Arunvijai_4
Honored Contributor

тАО09-12-2006 06:08 AM

тАО09-12-2006 06:08 AM

Solution

Re: Detecting failed logins in Trusted System???

Hi kenneth,

You can take a look at this page : http://docs.hp.com/en/B2355-90121/ch02s05.html

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Reply
Steven E. Protter
Exalted Contributor

тАО09-12-2006 06:09 AM

тАО09-12-2006 06:09 AM

Re: Detecting failed logins in Trusted System???

Shalom,

lastb

The command reads the binary file /var/adm/btmp and will provide the information.

You will probably want to select by date so you don't get the same complete report every day.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО09-12-2006 06:22 AM

тАО09-12-2006 06:22 AM

Re: Detecting failed logins in Trusted System???

Ken,

Is your inetd daemon running with the logging enabled ?

________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Kenneth Platz
Esteemed Contributor

тАО09-12-2006 06:26 AM

тАО09-12-2006 06:26 AM

Re: Detecting failed logins in Trusted System???

Arun,

That's *exactly* the information I was looking for. I should be able to stick the audisp into my script to grab what I need.

Thanks a bunch!
I think, therefore I am... I think!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.