HPE Community
Operating System - HP-UX
1833685 Members
3935 Online
110062 Solutions
New Discussion

Increasing Logging details for logins

 
SOLVED
Go to solution
Kvetch
New Member

‎09-20-2006 08:28 AM

‎09-20-2006 08:28 AM

Increasing Logging details for logins

I was wondering if there was a way to increase the level of logging for logins? I have auth.debug in my syslog.conf but noticed that if I attempt to log into my box using a fake name it will log that event but it doesn't report how many times I tred entering the password. Same goes for telnet, if I can connect via telnet and sit there all day trying names and passwords (I have it set to lock an account after 3 bad passwords) but it only reports back once.

So if I telnet to this box and use a valid user with a bad password I get the following only once no matter how many times I try
login: pam_authenticate: error Authentication failed

If I try and use different names I get the following only once no matter how many times I pound at it in one connection attempt
login: pam_authenticate: error No account present for user

I haven't figured out why but sometimes I also get this but only once too.
login: pam_acct_mgmt: error No account present for user

How can I get telnet to report the user name like ssh does and how can I get it to log each time a bad password or bad username is used?

Lastb lists the attempts but not whether it was successful or not. I have auditing on for both Successful and Failed Events.

Thanks,
Nick
0 Kudos
Reply
3 REPLIES 3
Ivan Krastev
Honored Contributor

‎09-20-2006 10:13 AM

‎09-20-2006 10:13 AM

Solution

Re: Increasing Logging details for logins

For telnet logging try inetd -l (for logging all connections). To enable it put INETD_ARGS="-l" in file /etc/rc.config.d/netdaemons


regards,
ivan
Reply
Ivan Ferreira
Honored Contributor

‎09-20-2006 10:21 AM

‎09-20-2006 10:21 AM

Re: Increasing Logging details for logins

If you add the debug option for the pam_hpsec module in /etc/pam.conf, you get a little more information:

login auth required libpam_unix.so.1 debug

Sep 20 18:18:36 hostname login: unix pam_sm_authenticate(login baduser), flags = 0
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
Kvetch
New Member

‎09-21-2006 01:51 AM

‎09-21-2006 01:51 AM

Re: Increasing Logging details for logins

perfect thanks guys.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.