- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: User Locked Out Log
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-10-2005 10:37 AM
тАО10-10-2005 10:37 AM
User Locked Out Log
I am using HP UX11.0. For auditing purposes, I really like to find out how often each user exceed the login attempt (ie. Locked out). Is there any log available? or is there anyway we can capture the information using scripts?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-10-2005 10:45 AM
тАО10-10-2005 10:45 AM
Re: User Locked Out Log
That might show locked users.
A script that reads /var/adm/btmp will get you a list of users that have failed login too many times.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-10-2005 11:21 AM
тАО10-10-2005 11:21 AM
Re: User Locked Out Log
There are mainly 3 files which contains the login informations.
/etc/utmp --contains a record of all users logged onto the system
/var/adm/btmp--contains bad login entries for each invalid logon attempt
/var/adm/wtmp--contains a record of all logins and logouts
Also from /var/adm/syslog/syslog u can get the information of the users logged into to the server or failed logon attempts.
Regards
CS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-10-2005 12:49 PM
тАО10-10-2005 12:49 PM
Re: User Locked Out Log
My real problem is, I can't tell how many time a user been locked in a month. I can capture how many bad password entered during the month but I can't tell how many time they been locked out.
passwd -sa can tell me who are the user currently locked out but can't tell me from the history point of view.
I need to know so I can tell whether intruder was attempting to login.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-10-2005 01:02 PM
тАО10-10-2005 01:02 PM
Re: User Locked Out Log
Actually you can get the information that you want by combine both information (from 'utmp, btmp and wtmp' and 'passwd -sa').
From here, at least you will find the trend which user is 'always' forgot about his/her password.
Because the different between 'the intruder was attempting to login' and 'the user that always forgot about their password' is very little. But you can prevent this by looking on the fact, one of them is by looking on the trend.
Hope this information can help you.
Cheers,
AW