1834462 Members
3061 Online
110067 Solutions
New Discussion

Login failure report

 
SOLVED
Go to solution
PM Srividhya
Advisor

Login failure report

Hi,

I want to generate a login failure report on HP-UX for a given month.

Could any one help me how to do it?

Thanks,
Vidhya
8 REPLIES 8
Ivan Krastev
Honored Contributor

Re: Login failure report

Use lastb command - http://docs.hp.com/en/B2355-90128/last.1.html


regards,
ivan
Peter Godron
Honored Contributor

Re: Login failure report

Hi Vidhya,
as the previous post only helped with part of the answer, can you please explain in more details what you want as a report ?
PM Srividhya
Advisor

Re: Login failure report

Hi Ivan,

Thanks for the information.

But `lastb` could be run only by superuser.

I want to generate a report which should give me the list of login failures for a month and this will be part of a menu run by an operator!

Thanks,
Vidhya
Sunny Jaisinghani
Trusted Contributor

Re: Login failure report

hi

try using this command in a script.

strings /etc/btmp

sunny
James R. Ferguson
Acclaimed Contributor

Re: Login failure report

Hi:

> But `lastb` could be run only by superuser.

The is very good reason for this!

Unsuccessful login attempts are tracked in the '/var/adm/btmp' file. The file should NOT be readable by any user other than root. This is because *anything* keyed by the user is recorded. It is possible that password information could be seen in the file.

Regards!

...JRF...
OldSchool
Honored Contributor

Re: Login failure report

"But `lastb` could be run only by superuser.

I want to generate a report which should give me the list of login failures for a month and this will be part of a menu run by an operator! "

ok, then either suid /usr/bin/lastb so that it runs as root, or install and configure "sudo"

I recommend the latter.
James George_1
Trusted Contributor
Solution

Re: Login failure report

Hi

Here is the script that I use to get this info . This will mail me a monthly report of all the failed login informations.

Rgds / james
forum is for techies .....heaven is for those who are born again !!
Bill Hassell
Honored Contributor

Re: Login failure report

To expand even more on this report: it should never be run by an operator and more important, it should never be published!!!! And /var/adm/btmp MUST NEVER be readable by anyone except root. The reason is that many users will mistakenly type their password when the prompt says "Please login" and now a password is visible in the btmp file.

So don't even bother with sudo or su or any other method to be able to run lastb or read btmp. The lastb command should only be used in looking for hackers -- and that requires somone who is trained in computer security.


Bill Hassell, sysadmin