APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Login auditing

Sat Jun 19 18:51:20 2004 Login auditing

Posted by Tony Lawrence

Logging failed logins discusses some aspects of monitoring and logging login failures.

That's SCO related, but modern Windows systems can also track bad logins and incorrect password attempts.

Linux has a nice faillog command and lastb also (note that you need to create the "btmp" file first for "lastb" and faillog needs "faillog"). Neither of those record anything about ssh logins.

touch /var/log/btmp
touch /var/log/faillog

Faillog is a more complete management tool also.

The sshd (secure shell daemon) logs using syslog, but early versions didn't record unsuccessful logins for up to four attempts - effectively hiding password guessing attempts. Normally you'd find these in /var/log/messages and could extract them easily:

# grep "Failed password" messages Jun 19 14:17:52 mail sshd[17194]: Failed password for tony from port 2920 Jun 19 14:18:38 mail sshd[17199]: Failed password for tony from port 2933 Jun 19 14:19:10 mail sshd[17249]: Failed password for tony from port 2941 Jun 19 14:19:11 mail sshd[17249]: Failed password for tony from port 2941

Unix systems usually have the ability to lock out users or terminals after so many failed login attempts. In fact, accidental lockouts come up quite often on SCO systems: Command line unlock ttys and users- user login unlock. Linux systems can do the same thing with the PAM pam_tally module: http://www.baverstock.org.uk/tim/pam/index.html

Got something to add? Send me email.

Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Tony Lawrence

Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

If Linux can skate by the patent and copyright issues, its growth in the corporate world will continue no matter what business dislikes about the GPL. (Tony Lawrence)

This post tagged: