- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- set up auth.log /btmp for failed login attempts
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2009 09:55 AM
10-23-2009 09:55 AM
set up auth.log /btmp for failed login attempts
1. does btmp capture all failed login attempts?
(currently an ID is getting locked but lastb -R is not repoting it, however if i do a failed login to the box it reports- wonder why?)
2. wonder what should be the entries in syslog.conf so that i make sure i log all (everything) unsuccessful logins (capture ip etc) in a seperate log (say)auth.log?
system is 11.0 trusted.
Please advise.
Brian
- Tags:
- btmps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2009 10:02 AM
10-23-2009 10:02 AM
Re: set up auth.log /btmp for failed login attempts
To enable logging of failed logins, touch (or otherwise create):
# /var/adm/btmp
# chown root:other /var/adm/btmp
# chmod 600 /var/adm/btmp
The _existence_ of this file enables the logging. Remove the file to disable logging.
Now, for those who 'su' from on account to another, look at:
# /var/adm/sulog
Unsuccessful transitions have a '-' in the foruth field; successful transitons have a '+' there. The transition from user-to-user is shown in the last column of the file.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2009 10:14 AM
10-23-2009 10:14 AM
Re: set up auth.log /btmp for failed login attempts
My btmp works fine. strangely for one id (which seems to lock itself) i am not getting the failed login details from btmp. If i puposely do a failed login it reports fine.
Thanks
Brian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2011 06:59 AM
09-09-2011 06:59 AM
Re: set up auth.log /btmp for failed login attempts
James,
If you're still out there, what about setting syslog.conf for :
auth.debug <logfile>
OR
auth.info <logfile>
OR
auth.notice <logfile>
where <logfile> is the syslog? if successful/nsuccessful logins can be handled w/the above, what's the lowest priority where BOTH would be logged .debug=7 .info=6 .notice=5 (at least I think that's their designated levels in the syslog.h file).
- Tags:
- syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2011 12:16 PM
09-09-2011 12:16 PM
Re: set up auth.log /btmp for failed login attempts
There have been a number of views. Don't everyone chime in at once, thx................