12-13-2006
well we use a firewall to do most of our protection, however have you looked at:
smit user
Reset User's Failed Login Count
then or...
chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s 'kmj'
view /etc/security/lastlog
/kmj
kmj:
time_last_login = 1156789317
tty_last_login = /dev/pts/42
host_last_login = valued-827c7724
unsuccessful_login_count = 5
time_last_unsuccessful_login = 1166039821
tty_last_unsuccessful_login = /dev/pts/16
host_last_unsuccessful_login = user.domain.com
I know this will lock down your telnet users that fail to many times. sorry no ideas on the IP based.
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi,
I notice in my Sun Solaris 8 sparc workstation, if I failed my login in the 5th time, I will be closed the connection from the host.
I want to make 3 times. That is, if user fails to login with 3 attempts, he will be closed the connection.
How to do it? Of course I am the admin of the... (2 Replies)
Discussion started by: champion
2 Replies
2. Solaris
I am wondering if solaris captures id's associated w/invalid login attempts?
when I try to login as "test1" several (3-5) times, I do not find any userID info under "/var/adm" files:
utmpx
wtmpx
messages
lastlog
Is there another location/log I should be checking?
Is it necessary for... (6 Replies)
Discussion started by: mr_manny
6 Replies
3. AIX
Hi,
I have created the below ftp script to put files over to our capacity server, the check at the end works if ftp fails to run however if the script cannot login or the transfer itself failed there is no warnings.
Does anyone know the syntax to trap the erorr codes or to put a check within... (3 Replies)
Discussion started by: chlawren
3 Replies
4. Solaris
Hi,
I want to sent number of login attempts ,so that after that much attempts user account should be locked on solaris 10 (2 Replies)
Discussion started by: manoj.solaris
2 Replies
5. AIX
How can I see the number of invalid login attempts of a user?
Thanks, (9 Replies)
Discussion started by: agasamapetilon
9 Replies
6. UNIX for Dummies Questions & Answers
Dear experts,
I am seeing a lot of TCP failed connection attempts from "netstat -s" on one of our servers.
How can I pin point what connection failed and what are the ports involved?
Any tools/commands I can dig in deeper to diag. what went wrong on these "failed connection attempts"?
... (2 Replies)
Discussion started by: cache51
2 Replies
7. Solaris
Hey all I'm having a big problem here. Someone is attempting an SSH to a destination host on which an account resides and locking the account. I'm trying to determine who is performing the SSH attempts from my host. For instance they're logged in as their standard account but then (I'm assuming)... (13 Replies)
Discussion started by: MaindotC
13 Replies
8. Cybersecurity
I'm stumped on an issue I'm having with RSA key based SSH logons.
I have 30 servers in a database cluster. They are all Red Hat Enterprise Linux Server release 6.4.
I want to be able to run a command on all of them from any one of them using SSH.
I generated private and public keys on... (1 Reply)
Discussion started by: derndingle
1 Replies
9. Cybersecurity
The purpose of this thread is for everyone to follow the same methodology so we can create a future table, for the benefit of all, that shows how many failed login attempts (hacking) per day per server (and per minute) are happening.
This is not a thread on writing scripts or creating... (10 Replies)
Discussion started by: Neo
10 Replies
LEARN ABOUT CENTOS
lastlog
LASTLOG(8) System Management Commands LASTLOG(8)
NAME
lastlog - reports the most recent login of all users or of a given user
SYNOPSIS
lastlog [options]
DESCRIPTION
lastlog formats and prints the contents of the last login log /var/log/lastlog file. The login-name, port, and last login time will be
printed. The default (no flags) causes lastlog entries to be printed, sorted by their order in /etc/passwd.
OPTIONS
The options which apply to the lastlog command are:
-b, --before DAYS
Print only lastlog records older than DAYS.
-h, --help
Display help message and exit.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-t, --time DAYS
Print the lastlog records more recent than DAYS.
-u, --user LOGIN|RANGE
Print the lastlog record of the specified user(s).
The users can be specified by a login name, a numerical user ID, or a RANGE of users. This RANGE of users can be specified with a min
and max values (UID_MIN-UID_MAX), a max value (-UID_MAX), or a min value (UID_MIN-).
If the user has never logged in the message ** Never logged in** will be displayed instead of the port and time.
Only the entries for the current users of the system will be displayed. Other entries may exist for users that were deleted previously.
NOTE
The lastlog file is a database which contains info on the last login of each user. You should not rotate it. It is a sparse file, so its
size on the disk is usually much smaller than the one shown by "ls -l" (which can indicate a really big file if you have in passwd users
with a high UID). You can display its real size with "ls -s".
FILES
/var/log/lastlog
Database times of previous user logins.
CAVEATS
Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i.e. if in lastlog database there is
no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171-799).
shadow-utils 4.1.5.1 05/25/2012 LASTLOG(8)