[comp.unix.wizards] System Security: Tracking unsuccessful logins

martin@slsvax.harvard.edu (Pat "that's doctor to you" Martin) (08/23/90)

Hi...

I'm currently trying to learn all I can about accounting within UNIX, but
I find the manuals a bit difficult to sift through.  I am trying to analyze
system usage of our IRIS, and was wondering about logging of unsuccessful
login attempts.  Is this a standard function of the UNIX accounting software,
or will I need to generate my own code?

Thanks.
..pkm
Patrick Martin
martin@slsiris.harvard.edu

merlyn@iwarp.intel.com (Randal Schwartz) (08/24/90)

In article <3993@husc6.harvard.edu>, martin@slsvax (Pat "that's doctor to you" Martin) writes:
| I'm currently trying to learn all I can about accounting within UNIX, but
| I find the manuals a bit difficult to sift through.  I am trying to analyze
| system usage of our IRIS, and was wondering about logging of unsuccessful
| login attempts.  Is this a standard function of the UNIX accounting software,
| or will I need to generate my own code?

Most off-the-shelf Unices don't have such an option enabled.

If you do alter /bin/login, remember the following IMPORTANT things:

(1) don't save the name of an invalid user
(2) don't save the cleartext of a bad password

#2 is bad because it might be one-off from a good password
#1 is bad because sometimes people get out of sync (network delays,
not paying attention) and type a valid password at the login: prompt.

So, what you're left with is:

(1) user 'joe' successfully logged in
(2) user 'joe' failed to log in
(3) invalid username given

If you record more than this (even if you say it's "only for sysadm
eyes") you are inviting yourself into the danger zone, security-wise.
(At that point, you might as well store your passwords as clear-text.)

Hope this helps.  I "wrote the book" on security for Tandem, if you
want a reference.
-- 
/=Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ==========\
| on contract to Intel's iWarp project, Beaverton, Oregon, USA, Sol III      |
| merlyn@iwarp.intel.com ...!any-MX-mailer-like-uunet!iwarp.intel.com!merlyn |
\=Cute Quote: "Welcome to Portland, Oregon, home of the California Raisins!"=/
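
[Added example, not part of the original thread and not code from any poster.] A minimal C sketch of the three-record scheme described in the post above: the typed name is written to the log only when it matches a real account, and the password never reaches the logging code. The names known_users, classify_attempt and format_login_record, and the sample inputs, are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The only three outcomes the post allows to be recorded. */
enum login_event { LOGIN_OK, LOGIN_FAILED, LOGIN_INVALID_USER };

/* Constructed account list standing in for the password database. */
static const char *const known_users[] = { "joe", "root" };

static int user_exists(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof known_users / sizeof known_users[0]; i++)
        if (strcmp(name, known_users[i]) == 0)
            return 1;
    return 0;
}

/* auth_ok is the result of the password check, made elsewhere;
 * the password itself is never passed to the logging code. */
enum login_event classify_attempt(const char *typed_name, int auth_ok)
{
    if (!user_exists(typed_name))
        return LOGIN_INVALID_USER;
    return auth_ok ? LOGIN_OK : LOGIN_FAILED;
}

/* Format the audit line. An unknown name is dropped rather than
 * copied, since it may be a password typed at the login: prompt. */
int format_login_record(char *buf, size_t len, const char *typed_name, int auth_ok)
{
    switch (classify_attempt(typed_name, auth_ok)) {
    case LOGIN_OK:
        return snprintf(buf, len, "user '%s' successfully logged in", typed_name);
    case LOGIN_FAILED:
        return snprintf(buf, len, "user '%s' failed to log in", typed_name);
    default:
        return snprintf(buf, len, "invalid username given");
    }
}

int main(void)
{
    char line[128];
    format_login_record(line, sizeof line, "joe", 0);      puts(line);
    /* "hunter2" is a constructed password typed in the name field. */
    format_login_record(line, sizeof line, "hunter2", 0);  puts(line);
    return 0;
}
```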

friedl@mtndew.Tustin.CA.US (Steve Friedl) (08/24/90)

> I'm currently trying to learn all I can about accounting within UNIX, but
> I find the manuals a bit difficult to sift through.  I am trying to analyze
> system usage of our IRIS, and was wondering about logging of unsuccessful
> login attempts.

Gee, Len Rose just might have some software to help you with this :-)

     Steve

-- 
Stephen J. Friedl, KA8CMY / Software Consultant / Tustin, CA / 3B2-kind-of-guy
+1 714 544 6561  / friedl@mtndew.Tustin.CA.US  / {uunet,attmail}!mtndew!friedl

Q - Why do environmentalists like fusion power so much?  A - We don't have it yet

len@lsicom2.UU.NET (Len Rose) (08/28/90)

friedl@mtndew.Tustin.CA.US (Steve Friedl) writes:

>> I'm currently trying to learn all I can about accounting within UNIX, but
>> I find the manuals a bit difficult to sift through.  I am trying to analyze
>> system usage of our IRIS, and was wondering about logging of unsuccessful
>> login attempts.

>Gee, Len Rose just might have some software to help you with this :-)

>     Steve

>-- 
>Stephen J. Friedl, KA8CMY / Software Consultant / Tustin, CA / 3B2-kind-of-guy
>+1 714 544 6561  / friedl@mtndew.Tustin.CA.US  / {uunet,attmail}!mtndew!friedl

 Gee, Steve... I didn't expect this sort of comment from you. Perhaps it 
 wouldn't be so humorous if it had happened to you. I made modifications to
 /bin/login for the exact reason this person did. My only mistake was in who
 I allegedly gave it to.

 The modifications to /bin/login were trivial to make. But, lest you invite
 the Secret Service upon you, make sure you have authorization from the
 people who own the system before installing it.

  Len

 len@cis.ohio-state.edu
 len@netsys.com (in the hands of the SS)
 uunet!lsicom2!len