OT: Capturing failed login attempts
Jay R. Ashworth
jra at baylink.com
Mon Sep 12 13:04:52 PDT 2005
On Mon, Sep 12, 2005 at 12:59:34PM -0700, Bill Campbell wrote:
> On Mon, Sep 12, 2005, Lerebours, Jose wrote:
> >Using SCO 5.0.6
> >Q. Where can I go to check for failed login attempts?
> >Q. How can I make sure user does not use same passwd?
> >Q. Is there a way to warn an user of password nearing
> > expiration?
> >
> >If I `grep` "failed" off /usr/adm/syslog, all I get is
> >the IP address where the login was attempted. I need
> >to know the user ID that failed.
>
> If you're using openssh for secure shell logins, you will see failed login
> attempts in the logs, complete with the login names tried.
Though, note that it's widely considered to be poor system
adminstration practice to log usernames in the log on failures, because
people get out of sync, and you end up with passwords in the log file.
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
"NPR has a lot in common with Nascar... we both turn to the left."
- Peter Sagal, on Wait Wait, Don't Tell Me!
More information about the Filepro-list
mailing list