Operating System - HP-UX

Re: unknown user-id login count limit

Melody Pulling
Occasional Contributor

unknown user-id login count limit

Is there a way to set a limit on the number of times an unknown user-id (does not exist) tries to log in? Similar to the failed login count for a known user-id...

Thank you!
Melody
6 REPLIES
Steven E. Protter
Exalted Contributor

Re: unknown user-id login count limit

You should not let an unknown user log in at all, but here goes.

Find out what ip address they are logging into.

inetd -l

That will enhance logging.

look at /var/adm/syslog/syslog.log

Then create or modify a file called

/var/adm/inetd.sec

Block access to that IP address.

I'm attaching my file so you can see the syntax. It has been purified.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Mark Grant
Honored Contributor

Re: unknown user-id login count limit

I think the problem here is what are you going to do when you reach this limit? Are you going to stop putting a "login" message on the screen, or are you going to disable the terminal?

I don't think you can do what you are asking here, simply because I'm not sure there isn't much you can do with the information: you can't lock the account because there isn't one, and you can't log them out as they aren't logged in.

I may be missing something obvious though.
Never precede any demonstration with anything more predictive than "watch this"
Pete Randall
Outstanding Contributor

Re: unknown user-id login count limit

Melody,

If it's an unknown user id (by this I assume you mean that it does not exist in the password file/database), then it never gets logged in - why would you care?


Pete
Melody Pulling
Occasional Contributor

Re: unknown user-id login count limit

Sorry for any confusion. We are trying to address an audit item. Urf, I didn't state the "why" and "result" we are looking for. Should an unknown user-id (does not exist in passwd file) try to log in more than 3 times, say via telnet, their telnet session should be terminated. The default seems to be 10 failed attempts before their session is terminated.

For a known user we have it set to 3 failed attempts but the result is that their account is then locked.

Mark Grant
Honored Contributor
Solution

Re: unknown user-id login count limit

This is going to be really tough. You may be able to get the info from the syslog, but you somehow have got to get the "login" program to do the counting. Then you have to kill the associated telnetd, which might be a bit tricky too, because you can't key on IP address: there might be several people using the same IP address to telnet to you, some of whom may be legit.

The only way I can see this being possible is to write your own "login".

To be honest, what's the point anyway, you can kill the telnet session but that doesn't stop them telnetting right back to you.
Never precede any demonstration with anything more predictive than "watch this"
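The two answers above point at the same gap: Steven's approach (turn on inetd logging, read /var/adm/syslog/syslog.log, deny the address in /var/adm/inetd.sec) needs somebody to do the counting that Mark says "login" won't do for you. The script below is an added example, not code from either poster or from HP; it counts failed logins for non-existent user ids per source address from a syslog excerpt and prints candidate inetd.sec deny lines for an administrator to review. The wording of the syslog messages is a constructed assumption for the example (your real login/inetd messages will differ; adjust the regular expression), and the one-line-per-service `service deny host ...` layout is assumed from inetd.sec(4). It also deliberately stops at producing a candidate line, because of Mark's caveat that several people, some legitimate, may share one address.

```python
import re
from collections import Counter

# Constructed sample syslog excerpt. The message wording is an assumption
# made for this example; check your own /var/adm/syslog/syslog.log for the
# real format and adjust FAILED_LOGIN_RE accordingly.
SAMPLE_SYSLOG = """\
Mar  3 09:01:10 hpbox inetd[2201]: telnet/tcp: Connection from 10.1.2.3 (10.1.2.3)
Mar  3 09:01:14 hpbox login[2210]: FAILED LOGIN 1 FROM 10.1.2.3 FOR nosuchuser, User unknown
Mar  3 09:01:19 hpbox login[2210]: FAILED LOGIN 2 FROM 10.1.2.3 FOR nosuchuser, User unknown
Mar  3 09:01:25 hpbox login[2210]: FAILED LOGIN 3 FROM 10.1.2.3 FOR nosuchuser, User unknown
Mar  3 09:01:31 hpbox login[2210]: FAILED LOGIN 4 FROM 10.1.2.3 FOR admin, User unknown
Mar  3 09:05:02 hpbox login[2230]: FAILED LOGIN 1 FROM 10.1.2.9 FOR melody, Authentication failure
Mar  3 09:05:40 hpbox login[2231]: FAILED LOGIN 1 FROM 10.1.2.9 FOR ghost, User unknown
"""

# Captures the source address, the attempted user name and the reason text
# from one failed-login line (assumed format, see comment above).
FAILED_LOGIN_RE = re.compile(
    r"login\[\d+\]: FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,]+), (?P<reason>.*)$"
)


def parse_failed_logins(text):
    """Return (src, user, unknown_user) tuples for every failed-login line."""
    events = []
    for line in text.splitlines():
        m = FAILED_LOGIN_RE.search(line)
        if m:
            unknown = m.group("reason").startswith("User unknown")
            events.append((m.group("src"), m.group("user"), unknown))
    return events


def count_unknown_by_source(text):
    """Count failures for non-existent user ids, keyed by source address.
    Failures for real accounts (e.g. wrong password) are not counted here;
    those are already handled by the per-account failed-login limit."""
    counter = Counter()
    for src, _user, unknown in parse_failed_logins(text):
        if unknown:
            counter[src] += 1
    return counter


def sources_over_limit(text, limit=3):
    """Sources with more than `limit` unknown-user failures
    (the thread's threshold is 'more than 3 times')."""
    return sorted(src for src, n in count_unknown_by_source(text).items() if n > limit)


def inetd_sec_deny_lines(sources, service="telnet"):
    """Build a candidate /var/adm/inetd.sec entry: '<service> deny <host ...>'.
    inetd.sec allows one line per service, so all hosts go on that line
    (assumed from inetd.sec(4)). Review before installing: a shared or NATed
    address may carry legitimate users as well."""
    if not sources:
        return []
    return [f"{service} deny {' '.join(sources)}"]


if __name__ == "__main__":
    offenders = sources_over_limit(SAMPLE_SYSLOG)
    print("unknown-user failures per source:", dict(count_unknown_by_source(SAMPLE_SYSLOG)))
    print("over limit:", offenders)
    for line in inetd_sec_deny_lines(offenders):
        print("candidate inetd.sec line:", line)
```

Run against the constructed sample it reports 10.1.2.3 with four unknown-user failures (three for `nosuchuser`, one for `admin`) and 10.1.2.9 with one, so only 10.1.2.3 crosses the "more than 3" line; the `melody` failure is an authentication failure on an existing account and is left to the normal account-lock rule. Feeding it the real file and cron-ing the report gives the auditors a record of the counting even though, as Mark says, it cannot make "login" itself terminate the session.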
Melody Pulling
Occasional Contributor

Re: unknown user-id login count limit

Thank you ALL very much for your time and replies.

Mark,

Thank you! That is what I thought but had to confirm it for our auditing department.

:-)

Have a great day.
Melody