HPE Community
Operating System - HP-UX
1834619 Members
2812 Online
110069 Solutions
New Discussion

Re: display unsuccessful login attempts to user

 
SM_3
Super Advisor

‎09-27-2005 11:22 PM

‎09-27-2005 11:22 PM

display unsuccessful login attempts to user

How can I display unsuccessful login attempts to a user on 11i?

Thanks.
0 Kudos
Reply
13 REPLIES 13
RAC_1
Honored Contributor

‎09-27-2005 11:27 PM

‎09-27-2005 11:27 PM

Re: display unsuccessful login attempts to user

If system is not trusted, then lastb command
If trusted then

getprpw -m ulogint "user_name" would be precise.
There is no substitute to HARDWORK
0 Kudos
Reply
Steve Steel
Honored Contributor

‎09-27-2005 11:29 PM

‎09-27-2005 11:29 PM

Re: display unsuccessful login attempts to user

Hi


see man lastb

lastb -R|grep username


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎09-27-2005 11:30 PM

‎09-27-2005 11:30 PM

Re: display unsuccessful login attempts to user

# lastb will be helpfull in this case.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎09-27-2005 11:31 PM

‎09-27-2005 11:31 PM

Re: display unsuccessful login attempts to user

Hi:

If '/var/adm/btmp' doesn't exist, create it:

# touch /var/adm/btmp
# chmod 600 /var/adm/btmp

This enable logging of failed logins. You can view this file with 'lastb'. A log of successful logins is similarly enabled if you create 'var/adm/wtmp'. Good logins are viewed with 'last'. See the manpages for 'last' for more information.

A second, useful log to consult is '/var/adm/sulog'. This records both the success and failure of 'su' (switch-user) operations.

Successful transitions are recorded with a "+" notation; unsucessful ones with a "-". For example:

SU 09/19 14:43 - ttyd1p1 mdiag-root
SU 09/19 14:44 + ttyd1p1 mdiag+root

Regards!

...JRF...
0 Kudos
Reply
Alessandro Pilati
Esteemed Contributor

‎09-27-2005 11:41 PM

‎09-27-2005 11:41 PM

Re: display unsuccessful login attempts to user

Use this command:
lastb -R USERNAME

Where username is the user of which you are checking the failed logins.

Regards,
Alex
if you don't try, you'll never know if you are able to
0 Kudos
Reply
Devender Khatana
Honored Contributor

‎09-27-2005 11:45 PM

‎09-27-2005 11:45 PM

Re: display unsuccessful login attempts to user

Hi,

lastb is the command with varioud options. It will display the attempts since last reset of /var/adm/btmp file.


HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎09-27-2005 11:45 PM

‎09-27-2005 11:45 PM

Re: display unsuccessful login attempts to user

# lastb -R

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Nemer_1
Regular Advisor

‎09-27-2005 11:49 PM

‎09-27-2005 11:49 PM

Re: display unsuccessful login attempts to user

Hi,

use:

/usr/sbin/acct/fwtmp
regards,
0 Kudos
Reply
Morcos
Super Advisor

‎09-27-2005 11:57 PM

‎09-27-2005 11:57 PM

Re: display unsuccessful login attempts to user

lastb -R | grep your_user. will be helpful in this case.

Ziad
0 Kudos
Reply
Raj D.
Honored Contributor

‎09-28-2005 01:10 AM

‎09-28-2005 01:10 AM

Re: display unsuccessful login attempts to user

Hi SM ,

Simply check it with the lastb command ,
lastb will give all unsuccessful login attempts.

Remember, you need superuser access for lastb.

Else you need to add the read flag for others, for /var/adm/btmp

Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎09-28-2005 01:13 AM

‎09-28-2005 01:13 AM

Re: display unsuccessful login attempts to user

Hi (again):

Do *not* give read-permissions to other than root, as the owner of /var/adm/btmp. To do so exposes the possibility that password information might be exposed.

Regards!

...JRF...
0 Kudos
Reply
SM_3
Super Advisor

‎09-29-2005 11:13 PM

‎09-29-2005 11:13 PM

Re: display unsuccessful login attempts to user

Thanks.

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-30-2005 01:27 AM

‎09-30-2005 01:27 AM

Re: display unsuccessful login attempts to user

And to followup on James' recommendation about lastb: The /var/adm/btmp file must be 600 (no read or write access to anyone but root). The lastb command can indeed find a specific user login and you can even limit the list to the last 2 or 5 entries in btmp, BUT login has no way to know when a user is confused and types their login where it says: password? and types the password where it says: login

(of course, sysadmins never have this problem...) This means that by using lastb, a hacker could look for usernames that are unusual, that look like a password. Those strings were typed at the wrong prompt and therefore logged in btmp, reported by lastb. As mentioned, a Trusted system will report both the last successful and unsuccessful login as you first login, but for a 'safe' solution on a non-Trusted system, you have to write a program to get the information from a properly protected btmp file.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.