HPE Community
Operating System - HP-UX
1843400 Members
3440 Online
110215 Solutions
New Discussion

Re: ROOT LOGIN ATTEMPTS

 
SOLVED
Go to solution
Andrew Luis Arruza
Frequent Advisor

‎06-25-2001 10:16 AM

‎06-25-2001 10:16 AM

ROOT LOGIN ATTEMPTS

Is there a way I can tell who is trying to log into one of my servers and is making too many attempts? This, of course, disables root logins and I have to go to the console to fix.
Is there a log somewhere that will show who is making the attempts? I have already looked in the sulog and btmp but with no avail.
Thanks for any/all help. And as always points will be assigned.
Andy
It is, after all, a matter of survival!!
0 Kudos
Reply
4 REPLIES 4
Rob Smith
Respected Contributor

‎06-25-2001 10:25 AM

‎06-25-2001 10:25 AM

Solution

Re: ROOT LOGIN ATTEMPTS

Hi, if you do a lastb -R it will tell you whose logins are failing and where they are trying to login from. Hope this helps.

Rob

Learn the rules so you can break them properly.
Reply
Patrick Wallek
Honored Contributor

‎06-25-2001 10:28 AM

‎06-25-2001 10:28 AM

Re: ROOT LOGIN ATTEMPTS

Do a 'lastb -R | grep root'

This should give you the info you want.
Reply
Andrew Luis Arruza
Frequent Advisor

‎06-25-2001 10:29 AM

‎06-25-2001 10:29 AM

Re: ROOT LOGIN ATTEMPTS

Rob,
I tried using lastb -R on root earlier but I did not notice at the time that it looked at btmp.
Can I assume that all the login attempts in lastb -R are the failures?
Thanks
It is, after all, a matter of survival!!
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎06-25-2001 10:35 AM

‎06-25-2001 10:35 AM

Re: ROOT LOGIN ATTEMPTS

lastb does display the bad login attempts.

Here is an excerpt from 'man lastb'

The lastb command searches backwards through the database file
/var/adm/btmp to display bad login information. Access to
/var/adm/btmp should be restricted to users with appropriate
privileges (owned by and readable only by root) because it may contain password information.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.