HPE Community
Operating System - HP-UX
1833062 Members
2909 Online
110049 Solutions
New Discussion

Re: root login attempt

 
SOLVED
Go to solution
John McDen
Regular Advisor

‎05-08-2002 06:01 AM

‎05-08-2002 06:01 AM

root login attempt

How do I know which user(s) tried to login as root ?? is there a place it logs the login attempts??

New to HP
0 Kudos
Reply
6 REPLIES 6
Pete Randall
Outstanding Contributor

‎05-08-2002 06:03 AM

‎05-08-2002 06:03 AM

Solution

Re: root login attempt

su to any other user is recorded in syslog. I don't think logins are, though.

Pete

Pete
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎05-08-2002 06:06 AM

‎05-08-2002 06:06 AM

Re: root login attempt

Hi John

/var/adm/sulog is the file which has the information , genreally in the format

SU date time <+/-> user name su name

+ if the user was suceeful
- if the user was not sucessful

we have disabled logins to even root , oracle so that we can track down using sulog as who su ing .


Manoj Srivastava
Reply
John McDen
Regular Advisor

‎05-08-2002 06:06 AM

‎05-08-2002 06:06 AM

Re: root login attempt

Thanks ...pete
New to HP
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎05-08-2002 06:07 AM

‎05-08-2002 06:07 AM

Re: root login attempt


If a user tries to login as root, then the username will showup as root, not their actual name or username.

I would suggest only allowing root to login from the console, and then disable the login by typing in the password wrong until it reashes the "disable" limit.


live free or die
harry
Live Free or Die
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎05-08-2002 06:07 AM

‎05-08-2002 06:07 AM

Re: root login attempt

Check the
/var/adm/sulog
(the log file for the successful and failure attempts for su)

root logins with ipaddress can be had from the wtmp file.
YOu can check for the ipaddress that other than yours for the root logins.

use fwtmp command to change the wtmp file to ascii and check it out.

fwtmp /tmp/wtmp.ascii

Thanks
0 Kudos
Reply
Helen French
Honored Contributor

‎05-08-2002 06:08 AM

‎05-08-2002 06:08 AM

Re: root login attempt

Hi John:

Check these files:
/var/adm/sulog - su information
/var/adm/syslog/syslog.log
/var/adm/wtmp - logins
/var/adm/btmp - bad logins

and these commands:

# last
# lastb

HTH,
Shiju
Life is a promise, fulfill it!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.