OT: Capturing failed login attempts
Joe Chasan
joe at magnatechonline.com
Mon Sep 12 14:10:11 PDT 2005
On Mon, Sep 12, 2005 at 02:55:29PM -0500, Lerebours, Jose wrote:
> Using SCO 5.0.6
>
> Q. Where can I go to check for failed login attempts?
> Q. How can I make sure user does not use same passwd?
> Q. Is there a way to warn a user of password nearing
> expiration?
there are a lot of such pre-defined reports available to you under
SCOADMIN --> SYSTEM --> SECURITY --> REPORTS MANAGER
much of this info is culled from /tcb/files/auth hierarchy, AFAIK, so
if you wanted to write your own shell script to analyze this data from
the outside you'd have to study the contents/structure/fields for those
files.
> If I `grep` "failed" off /usr/adm/syslog, all I get is
> the IP address where the login was attempted. I need
> to know the user ID that failed.
as you heard back, usually only ssh failed login stuff goes there, and
even that depends on how you configure your logging for it. since you're
using telnet to come in, telnetd does have a handful of options that you
can play with (set in /etc/inetd.conf), but i've found most of them not
very useful for what you are looking for or wholly (SP?) implemented.
--- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ---
-Joe Chasan- Magnatech Business Systems, Inc.
joe at magnatechonline.com Hicksville, NY - USA
http://www.MagnatechOnline.com Tel.(516) 931-4444/Fax.(516) 931-1264
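
Added example, not part of the original message: a sketch of the kind of shell script the reply describes for reading per-user records under /tcb/files/auth. It assumes authcap-style entries (colon-separated fields, `#` for numbers, `=` for strings, backslash continuation) and the field names u_name, u_numunsuclog, u_unsuctty and u_unsucclog; check both against the files on your own system. The sample records are constructed.

```shell
#!/bin/sh
# Report users with recorded failed logins from per-user auth records.
# Assumed layout: <root>/<first-letter>/<user>, one authcap-style entry per file.

failed_login_report() {
    # $1 = root of the tree (on a live system this would be /tcb/files/auth)
    for f in "$1"/*/*; do
        [ -f "$f" ] || continue
        awk '
        # Join continuation lines into one entry.
        { sub(/^[ \t]+/, ""); sub(/\\$/, ""); entry = entry $0 }
        END {
            n = split(entry, cap, ":")
            user = ""; fails = 0; tty = "-"; when = "-"
            for (i = 1; i <= n; i++) {
                c = cap[i]
                if (c ~ /^u_name=/)        user  = substr(c, index(c, "=") + 1)
                if (c ~ /^u_numunsuclog#/) fails = substr(c, index(c, "#") + 1) + 0
                if (c ~ /^u_unsuctty=/)    tty   = substr(c, index(c, "=") + 1)
                if (c ~ /^u_unsucclog#/)   when  = substr(c, index(c, "#") + 1)
            }
            # Columns: user, failed-attempt count, last failing tty, epoch time
            if (user != "" && fails > 0) print user, fails, tty, when
        }' "$f"
    done
}

make_sample_tree() {
    # Constructed sample records, not taken from a real system.
    d=$(mktemp -d)
    mkdir -p "$d/j" "$d/m"
    cat > "$d/j/jsmith" <<'EOF'
jsmith:u_name=jsmith:u_id#201:\
    :u_pwd=x:u_suclog#1126540000:u_suctty=ttyp0:\
    :u_unsucclog#1126551111:u_unsuctty=ttyp1:\
    :u_numunsuclog#3:chkent:
EOF
    cat > "$d/m/mary" <<'EOF'
mary:u_name=mary:u_id#202:\
    :u_pwd=x:u_suclog#1126549999:u_suctty=ttyp2:\
    :u_numunsuclog#0:chkent:
EOF
    echo "$d"
}

sample=$(make_sample_tree)
failed_login_report "$sample"
rm -rf "$sample"
```

The count is a running total held in the record, so it shows that an account has had failed attempts, not a per-attempt history.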