OT: Capturing failed login attempts

Joe Chasan joe at magnatechonline.com
Mon Sep 12 14:10:11 PDT 2005


On Mon, Sep 12, 2005 at 02:55:29PM -0500, Lerebours, Jose wrote:
> Using SCO 5.0.6
> 
> Q. Where can I go to check for failed login attempts?
> Q. How can I make sure user does not use same passwd?
> Q. Is there a way to warn an user of password nearing
>    expiration?

there are a lot of such pre-defined reports available to you under
SCOADMIN --> SYSTEM --> SECURITY --> REPORTS MANAGER

much of this info is culled from /tcb/files/auth heirarchy, AFAIK, so 
if you wanted to write your own shell script to analyze this data from
the outside you'd have to study the contents/structure/fields for those
files.
 
> If I `grep` "failed" off /usr/adm/syslog, all I get is
> the IP address where the login was attempted.  I need 
> to know the user ID that failed.

as you heard back, usually only ssh failed login stuff goes there, and 
even that depends on how you configure your logging for it.  since you're 
using telnet to come in, telnetd does have a handful of options that you 
can play with (set in /etc/inetd.conf), but i've found most of them not 
very useful for what you are looking for or wholly (SP?) implemented.
 
--- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ---
-Joe Chasan-                      Magnatech Business Systems, Inc.
joe at magnatechonline.com           Hicksville, NY - USA
http://www.MagnatechOnline.com    Tel.(516) 931-4444/Fax.(516) 931-1264


More information about the Filepro-list mailing list