root@ozdaltx.UUCP (root) (11/16/89)
SCO XENIX V 2.2.3 - 286

Does anyone know if there is a way to log attempted logins using the
SCO supplied version of login? I'd like to be able to track attempts
to gain access to the system. (mistakes, U/L case names, etc).

Thanks
Scotty
AIDS INFORMATION EXCHANGE BBS (214) 247-2367/247-5609
"Education is the best weapon"
{ames,rutgers,texsun,smu}!attctc!ozdaltx!sysop

chip@vector.Dallas.TX.US (Chip Rosenthal) (11/16/89)
In article <5724@ozdaltx.UUCP> root@ozdaltx.UUCP (root) writes:
>Does anyone know if there is a way to log attempted logins using the
>SCO supplied version of login? I'd like to be able to track attempts
>to gain access to the system. (mistakes, U/L case names, etc).

John Haugh's <jfh@rpp386> login program kind of does this, but not exactly what you ask for. It is available in the comp.sources.misc archives and via anon uucp on rpp386.

The problem is that the sort of mistakes you mention are a *big* security problem. The common login mistakes provide enough information to (more) easily intuit/derive the proper username/password. Are you willing to guarantee that your log file or system console are 100% secured? If not, then you don't want this sort of thing.

The most common reason for logging failures is trying to detect attempts at cracking an account. This information may be provided by just noting the bad login attempts made upon a valid username. That's what jfh's login does. Errr...make that optionally does...the config defs file for this thing is really a monster :-) Fer example, it will also optionally disable the account if a sysadmin-programmed threshold is exceeded.

A couple of comments:

1) I have run this program under SCO XENIX 2.3 |just fine|.

2) If you should want to do some of these philosophically repugnant things, go ahead. You've got source. (One thing I liked about having the source is that I could provide a better tailored environment from "login" and "su".)

3) When the topic of login came up a few weeks back, I got a message from somebody at SCO saying that a third-party login probably would not work with SCO UNIX due to security (mis)features. Haven't tried it myself, but it's scary to think that there is something about the system which would prevent it.

--
Chip Rosenthal / chip@vector.Dallas.TX.US / Dallas Semiconductor / 214-450-5337
Someday the whole country will be one vast "Metroplex" - Zippy's friend Griffy
===> addr changes 11/22 to "chip@chinacat.Lonestar.ORG" (texbell!chinacat!chip)
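
The policy described in the reply above (log a failure only when the name is a valid account, and disable the account past a threshold), as an added example that is not part of the original thread and is not code from John Haugh's login. The account table, the `MAX_FAILS` value, the log format and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FAILS 3 /* assumed; the post only says the threshold is sysadmin-set */

struct account { const char *name; int fails; int disabled; };

/* Constructed account table standing in for /etc/passwd. */
static struct account accounts[] = {
    { "root", 0, 0 }, { "scotty", 0, 0 }, { "chip", 0, 0 },
};

static struct account *find_account(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].name, name) == 0)
            return &accounts[i];
    return NULL;
}

/* Returns 0 for an unknown name and leaves `line` empty, so a password typed
 * at the login: prompt never reaches the log. Returns 1 when a failure on a
 * valid account was logged, 2 when that failure also disabled the account. */
int record_failure(const char *name, const char *tty, char *line, size_t len)
{
    struct account *a = find_account(name);
    line[0] = '\0';
    if (a == NULL)
        return 0;
    if (++a->fails > MAX_FAILS)
        a->disabled = 1;
    snprintf(line, len, "bad login #%d for %s on %s%s", a->fails, a->name,
             tty, a->disabled ? " (account disabled)" : "");
    return a->disabled ? 2 : 1;
}

int main(void)
{
    /* Constructed attempts: valid name, wrong-case name, mistyped password. */
    const char *tries[] = { "chip", "CHIP", "s3cretpw", "chip", "chip", "chip" };
    char line[128];
    size_t i;
    for (i = 0; i < sizeof tries / sizeof tries[0]; i++)
        if (record_failure(tries[i], "tty1a", line, sizeof line))
            puts(line);
    return 0;
}
```

The wrong-case name and the mistyped password produce no log line at all, which is the trade-off the reply argues for: the log shows attacks on real accounts without becoming a record of near-miss credentials.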