HPE Community
Operating System - HP-UX
1836682 Members
2684 Online
110108 Solutions
New Discussion

Login failure report

 
SOLVED
Go to solution
PM Srividhya
Advisor

‎02-14-2007 06:55 PM

‎02-14-2007 06:55 PM

Login failure report

Hi,

I want to generate a login failure report on HP-UX for a given month.

Could any one help me how to do it?

Thanks,
Vidhya
0 Kudos
Reply
8 REPLIES 8
Ivan Krastev
Honored Contributor

‎02-14-2007 07:24 PM

‎02-14-2007 07:24 PM

Re: Login failure report

Use lastb command - http://docs.hp.com/en/B2355-90128/last.1.html


regards,
ivan
0 Kudos
Reply
Peter Godron
Honored Contributor

‎02-14-2007 08:15 PM

‎02-14-2007 08:15 PM

Re: Login failure report

Hi Vidhya,
as the previous post only helped with part of the answer, can you please explain in more details what you want as a report ?
0 Kudos
Reply
PM Srividhya
Advisor

‎02-14-2007 08:52 PM

‎02-14-2007 08:52 PM

Re: Login failure report

Hi Ivan,

Thanks for the information.

But `lastb` could be run only by superuser.

I want to generate a report which should give me the list of login failures for a month and this will be part of a menu run by an operator!

Thanks,
Vidhya
0 Kudos
Reply
Sunny Jaisinghani
Trusted Contributor

‎02-15-2007 01:07 AM

‎02-15-2007 01:07 AM

Re: Login failure report

hi

try using this command in a script.

strings /etc/btmp

sunny
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎02-15-2007 01:15 AM

‎02-15-2007 01:15 AM

Re: Login failure report

Hi:

> But `lastb` could be run only by superuser.

The is very good reason for this!

Unsuccessful login attempts are tracked in the '/var/adm/btmp' file. The file should NOT be readable by any user other than root. This is because *anything* keyed by the user is recorded. It is possible that password information could be seen in the file.

Regards!

...JRF...
0 Kudos
Reply
OldSchool
Honored Contributor

‎02-15-2007 01:30 AM

‎02-15-2007 01:30 AM

Re: Login failure report

"But `lastb` could be run only by superuser.

I want to generate a report which should give me the list of login failures for a month and this will be part of a menu run by an operator! "

ok, then either suid /usr/bin/lastb so that it runs as root, or install and configure "sudo"

I recommend the latter.
0 Kudos
Reply
James George_1
Trusted Contributor

‎02-15-2007 01:57 AM

‎02-15-2007 01:57 AM

Solution

Re: Login failure report

Hi

Here is the script that I use to get this info . This will mail me a monthly report of all the failed login informations.

Rgds / james
forum is for techies .....heaven is for those who are born again !!
Reply
Bill Hassell
Honored Contributor

‎02-15-2007 08:20 AM

‎02-15-2007 08:20 AM

Re: Login failure report

To expand even more on this report: it should never be run by an operator and more important, it should never be published!!!! And /var/adm/btmp MUST NEVER be readable by anyone except root. The reason is that many users will mistakenly type their password when the prompt says "Please login" and now a password is visible in the btmp file.

So don't even bother with sudo or su or any other method to be able to run lastb or read btmp. The lastb command should only be used in looking for hackers -- and that requires somone who is trained in computer security.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.