HPE Community
Operating System - HP-UX
1836607 Members
1963 Online
110102 Solutions
New Discussion

Re: lastb, syslog and scripts

 
Anthony deRito
Respected Contributor

‎01-11-2002 06:34 AM

‎01-11-2002 06:34 AM

lastb, syslog and scripts


1. Cannot run trusted at this time. Want to set up syslog to log failed logon attempts. Is this possible? How? In syslog.cong tried:

auth.debug /var/log/all/auth.log

did not work and don't want to run syslog in debog mode.

2. Cannot run trusted at this time. Want to run auditing tools to monitor lastb, system calls, process autdits, etc... Any one know of some good URLs for scripts to do this?

thanks

Tony
0 Kudos
Reply
7 REPLIES 7
Uday_S_Ankolekar
Honored Contributor

‎01-11-2002 06:57 AM

‎01-11-2002 06:57 AM

Re: lastb, syslog and scripts

Hi,

If you are are looking for system account
then have a look at man pages of turnacct and runacct.

Also have a look at following doc


http://us-support.external.hp.com/cki/bin/doc.pl/sid=180b7b171ae9756c09/screen=ckiDisplayDocument?docId=200000024603008

Goodluck,
-USA..
Good Luck..
0 Kudos
Reply
Anthony deRito
Respected Contributor

‎01-11-2002 07:17 AM

‎01-11-2002 07:17 AM

Re: lastb, syslog and scripts

As mentioned, I am unable to run trusted at this time. Is not true that trusted mode is required to run system accounting? If my thinking is correct, then I am unable to use your suggestions of enabling system accounting. If it is not correct, can you point me to a document that supports the idea of running system accounting without converting to trusted.

Tony
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎01-11-2002 07:40 AM

‎01-11-2002 07:40 AM

Re: lastb, syslog and scripts

Antonio,

I understood your query. It's NOT required a trusted system to run this accounting.

Also have a look at this doc..

http://us-support3.external.hp.com/cki/bin/doc.pl/sid=2c805c051d7b228bbb/screen=ckiDisplayDocument?docId=200000049411505

-USA..

Good Luck..
0 Kudos
Reply
Deshpande Prashant
Honored Contributor

‎01-11-2002 12:52 PM

‎01-11-2002 12:52 PM

Re: lastb, syslog and scripts

HI
You may want to run a script in cron to run lastb command with output redirected to /var/adm/syslog/syslog and then trim the btmp file.


Thanks.
Prashant.
Take it as it comes.
0 Kudos
Reply
Mark Fenton
Esteemed Contributor

‎01-11-2002 04:53 PM

‎01-11-2002 04:53 PM

Re: lastb, syslog and scripts

not sure what scripts you'll find, but you definately DON'T want to stick output from lastb into syslog or anywhere else that anyone other than root can read it.

0 Kudos
Reply
Anthony deRito
Respected Contributor

‎01-14-2002 08:03 AM

‎01-14-2002 08:03 AM

Re: lastb, syslog and scripts

Uday, sorry to get off the track but it is system auditing and not system accounting that I am interested in. And I am pretty sure that turning on system auditing requires trusted.

Mark, lastb is one of my issues. I found a great tool called logcheck that performs some good auditing checks.

http://www.psionic.com/abacus/logcheck

The problem is that it appears to use the syslog facility for all of its information. However, it has notification built into it that informs me via e-mail when/if a breach occurs. (I realize this is not optimal.)

One of my problems is with bad logins. When a user causes three bad login attempts, how would I get notified of this? I want to have an automated process that informs me immediately of the issue. I would not want to pipe output of lastb to syslog so that logcheck can catch it but how else would I monitor bad logins without the auditing subsystem turned on?


0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎01-14-2002 08:23 AM

‎01-14-2002 08:23 AM

Re: lastb, syslog and scripts

Hi,

I was thinking you might want to do accounting on the system since "trust"ing the server is pretty much required for auditing.
I'm sorry for the previous posts

-USA..
Good Luck..
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.