login log
Chip Rosenthal
chip at vector.Dallas.TX.US
Thu Nov 16 14:24:19 AEST 1989
In article <5724 at ozdaltx.UUCP> root at ozdaltx.UUCP (root) writes:
>Does anyone know if there is a way to log attempted logins using the
>SCO supplied version of login? I'd like to be able to track attempts
>to gain access to the system. (mistakes, U/L case names, etc).
John Haugh's <jfh at rpp386> login program kind of does this, but not exactly
what you ask for. It is available in the comp.sources.misc archives and
via anon uucp on rpp386.
The problem is that the sort of mistakes you mention are a *big* security
problem. The common login mistakes provide enough information to (more)
easily intuit/derive the proper username/password. Are you willing to
guarantee that your log file or system console are 100% secured? If not,
then you don't want this sort of thing.
The most common reason for logging failures is trying to detect attempts
at cracking an account. This information may be provided by just noting
the bad login attempts made upon a valid username. That's what jfh's
login does. Errr...make that optionally does...the config defs file for
this thing is really a monster :-) Fer example, it will also optionally
disable the account if a sysadmin-programmed threshold is exceeded.
A couple of comments:
1) I have run this program under SCO XENIX 2.3 |just fine|.
2) If you should want to do some of these philosophically repugnant
things, go ahead. You've got source. (One thing I liked about having
the source is that I could provide a better tailored environment from
"login" and "su".)
3) When the topic of login came up a few weeks back, I got a message
from somebody at SCO saying that a third-party login probably would
not work with SCO UNIX due to security (mis)features. Haven't tried
it myself, but it's scary to think that there is something about the
system which would prevent it.
--
Chip Rosenthal / chip at vector.Dallas.TX.US / Dallas Semiconductor / 214-450-5337
Someday the whole country will be one vast "Metroplex" - Zippy's friend Griffy
===> addr changes 11/22 to "chip at chinacat.Lonestar.ORG" (texbell!chinacat!chip)
More information about the Comp.unix.xenix
mailing list