Set the auth.info facility.level in /etc/syslog.conf and point it to a log (/var/log/authlog for example). Ensure the log file exists. Restart syslog and attempt the log in.
Hi,
I notice in my Sun Solaris 8 sparc workstation, if I failed my login in the 5th time, I will be closed the connection from the host.
I want to make 3 times. That is, if user fails to login with 3 attempts, he will be closed the connection.
How to do it? Of course I am the admin of the... (2 Replies)
Hi. I would like to be able to deny IP address for too many failed login attemps (either from ssh, sftp, ftp, etc). The system I wish this to work on is an AIX 5.1 system. I'm new to AIX but I'm a linux user. There is a program for linux called fail2ban which reads from the log files and see if... (1 Reply)
Does anyone have a good script / cron job that handles this?
I have looked in smit and see it is clearing this count with:
chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s '{userid}'
However when I looked around to find ways to automate this I have not found an easy... (0 Replies)
I'm stumped on an issue I'm having with RSA key based SSH logons.
I have 30 servers in a database cluster. They are all Red Hat Enterprise Linux Server release 6.4.
I want to be able to run a command on all of them from any one of them using SSH.
I generated private and public keys on... (1 Reply)
Hi there,
In Solaris 8.
I have accidentally set the eeprom security-mode=command because I followed the CIS benchmark guideline. Initally, it was eeprom security-mode=none. I have tried to login with the correct password numerous time and it still say permission denied.
I have tried to login... (4 Replies)
The purpose of this thread is for everyone to follow the same methodology so we can create a future table, for the benefit of all, that shows how many failed login attempts (hacking) per day per server (and per minute) are happening.
This is not a thread on writing scripts or creating... (10 Replies)
Discussion started by: Neo
10 Replies
LEARN ABOUT REDHAT
faillog
FAILLOG(8) System Manager's Manual FAILLOG(8)NAME
faillog - examine faillog and set login failure limits
SYNOPSIS
faillog [-u login-name] [-a] [-t days]
[-m max] [-pr]
DESCRIPTION
faillog formats the contents of the failure log, /var/log/faillog, and maintains failure counts and limits. The order of the arguments to
faillog is significant. Each argument is processed immediately in the order given.
The -p flag causes failure entries to be printed in UID order. Entering -u login-name flag will cause the failure record for login-name
only to be printed. Entering -t days will cause only the failures more recent than days to be printed. The -t flag overrides the use of
-u. The -a flag causes all users to be selected. When used with the -p flag, this option selects all users who have ever had a login
failure. It is meaningless with the -r flag.
The -r flag is used to reset the count of login failures. Write access to /var/log/faillog is required for this option. Entering -u
login-name will cause only the failure count for login-name to be reset.
The -m flag is used to set the maximum number of login failures before the account is disabled. Write access to /var/log/faillog is
required for this option. Entering -m max will cause all accounts to be disabled after max failed logins occur. This may be modified with
-u login-name to limit this function to login-name only. Selecting a max value of 0 has the effect of not placing a limit on the number of
failed logins. The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.
Options may be combined in virtually any fashion. Each -p, -r, and -m option will cause immediate execution using any -u or -t modifier.
CAVEATS
faillog only prints out users with no successful login since the last failure. To print out a user who has had a successful login since
their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag.
Some systems may replace /var/log with /var/adm or /usr/adm.
FILES
/var/log/faillog - failure logging file
SEE ALSO login(1), faillog(5)AUTHOR
Julianne Frances Haugh (jockgrrl@ix.netcom.com)
FAILLOG(8)