HPE Community
Operating System - HP-UX
1834150 Members
2385 Online
110064 Solutions
New Discussion

how to write a script for find out unauthorized access users

 
Khairul_1
Frequent Advisor

‎06-17-2008 01:12 AM

‎06-17-2008 01:12 AM

how to write a script for find out unauthorized access users

Hi,
We have rx5670 HP-UX 11i v2 11.23 running cluster system. We want to monitor unauthorized access on the production system.

Could any one help us to write a script to find the unauthorized access user information and send another file location?


Thanks
Khairul
0 Kudos
Reply
4 REPLIES 4
OFC_EDM
Respected Contributor

‎06-17-2008 03:30 AM

‎06-17-2008 03:30 AM

Re: how to write a script for find out unauthorized access users

Look at your syslog. When a user makes to many unsuccessful attemps to login an entry is made in the syslog.

I forget the exact message. But to test simply login unsuccessfully several times. At the same time look at the syslog for the entry.

Once you know what to look for in the syslog then write a script to grep for the entry using the static (unchanging) part of the message.

Cheers
The Devil is in the detail.
0 Kudos
Reply
OFC_EDM
Respected Contributor

‎06-17-2008 03:33 AM

‎06-17-2008 03:33 AM

Re: how to write a script for find out unauthorized access users

As an addendum to my last post.

You can then utilize your script to forward the alert to an existing Monitoring agent such as Openview.

Openview has a command called opcmsg which you can pass parameters. opcmsg will then send the message to the Openview management server to be processed.

Alternatively just use mailx to send a message to the appropriate people.
The Devil is in the detail.
0 Kudos
Reply
Kenan Erdey
Honored Contributor

‎06-17-2008 03:40 AM

‎06-17-2008 03:40 AM

Re: how to write a script for find out unauthorized access users

Hi,

lastb command show you bad login information. You can redirect it's output to a file.

Kenan.
Computers have lots of memory but no imagination
0 Kudos
Reply
OFC_EDM
Respected Contributor

‎06-17-2008 04:51 AM

‎06-17-2008 04:51 AM

Re: how to write a script for find out unauthorized access users

lastb is the better option.

bad attempts may not be put in the syslog on some systems....depends on how it's setup.
The Devil is in the detail.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.