System Security: Tracking unsuccessful logins
Randal Schwartz
merlyn at iwarp.intel.com
Fri Aug 24 03:29:18 AEST 1990
In article <3993 at husc6.harvard.edu>, martin at slsvax (Pat "that's doctor to you" Martin) writes:
| I'm currently trying to learn all I can about accounting within UNIX, but
| I find the manuals a bit difficult to sift through. I am trying to analyze
| system usage of our IRIS, and was wondering about logging of unsuccessful
| login attempts. Is this a standard function of the UNIX accounting software,
| or will I need to generate my own code?
Most off-the-shelf unicies don't have such an option enabled.
If you do alter /bin/login, remember the following IMPORTANT things:
(1) don't save the name of an invalid user
(2) don't save the cleartext of a bad password
#2 is bad because it might be one-off from a good password
#1 is bad because sometimes people get out of sync (network delays,
not paying attention) and type a valid password at the login: prompt.
So, what you're left with is:
(1) user 'joe' successfully logged in
(2) user 'joe' failed to log in
(3) invalid username given
If you record more than this (even if you say it's "only for sysadm
eyes") you are inviting yourself into the danger zone, security-wise.
(At that point, you might as well store your passwords as clear-text.)
Hope this helps. I "wrote the book" on security for Tandem, if you
want a reference.
--
/=Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ==========\
| on contract to Intel's iWarp project, Beaverton, Oregon, USA, Sol III |
| merlyn at iwarp.intel.com ...!any-MX-mailer-like-uunet!iwarp.intel.com!merlyn |
\=Cute Quote: "Welcome to Portland, Oregon, home of the California Raisins!"=/
More information about the Comp.unix.wizards
mailing list