Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Another question for tracking failed logins via script
Top Forums Shell Programming and Scripting Another question for tracking failed logins via script Post 302388104 by frans on Tuesday 19th of January 2010 12:12:22 PM
Old 01-19-2010
There are some tools to track failed logins in ssh : denyhosts and fail2ban.
The first one tracks unsuccessful logins in /var/log/auth.log (but you can specify another file) and puts the incriminated IP in /etc/hosts.deny (after a number of tries) you can also specify your own commands to be executed.
It manages a couple of files : user-valid, user-invalid, hosts-valid, hosts-invalid...
Maybe that can be a kind of interest for you.
 

10 More Discussions You Might Find Interesting

1. HP-UX

limiting failed logins to three

I have tried limiting failed logins to three by the following method logins -ox \ | awk -F: '($8 != "LK" && $1 != "root") { print $1 }' \ | while read logname; do /usr/lbin/modprpw -m umaxlntr=3 "$logname" done /usr/lbin/modprdef -m umaxlntr=3 but it is failing on the 4th... any ideas?... (1 Reply)
Discussion started by: csaunders
1 Replies

2. Shell Programming and Scripting

Script for tracking from directory to file

Hi , I am pretty new to scripting, and I trying to write a script which is not working as I expect to .... I am trying to write a script which starts from top directory and tracks all the folders and sub-folders till it reaches a file and gives the list of files as output for a given... (2 Replies)
Discussion started by: Rahul00000
2 Replies

3. Shell Programming and Scripting

Shell script in tracking both the passed and failed login in a unix server

Can you help me in providing the following output or a quite similar to this from a shell script ? *** Logins Summary Information ***** ---------------------------------- Failed Login Attempts for Invalid Accounts Date Time IP-ADD Account ... (0 Replies)
Discussion started by: linuxgeek
0 Replies

4. Shell Programming and Scripting

Last two logins script

This is the contents of my file: donald.duck 12/07/2009 12:07:58 donald.duck 12/07/2009 12:17:36 donald.duck 12/07/2009 12:22:29 donald.duck 12/07/2009 12:26:39 donald.duck 12/07/2009 12:28:01 mickey.mouse 12/07/2009 12:48:49 mickey.mouse 12/07/2009 12:49:33 mickey.mouse 12/07/2009... (3 Replies)
Discussion started by: diallo0024
3 Replies

5. Shell Programming and Scripting

Help with shell script which logins to hosts

By a shell script When I am logging into hosts one by one with ssh. I am getting below message. Pseudo-terminal will not be allocated because stdin is not a terminal. stty: : Invalid argument stty: : Invalid argument Can you please suggest what should I do to stop this? ... (10 Replies)
Discussion started by: KuldeepSinghTCS
10 Replies

6. Shell Programming and Scripting

Run a script in two differnt logins

Hi, I need to run a script in two different login's in the same server, but it is running only in one login, i have used the corresponding PATH for each login, but still it says " not authorized to put msg in queue". (2 Replies)
Discussion started by: savithavijay
2 Replies

7. AIX

AIX ftp/sftp script monitor to failed logins

Hi All, Any idea on how to write a script on AIX 5.3 to monitor ftp or sftp login failed. Thanks and more power, Itik (2 Replies)
Discussion started by: itik
2 Replies

8. Solaris

Solaris logs - Tracking failed attempts from my host

Hey all I'm having a big problem here. Someone is attempting an SSH to a destination host on which an account resides and locking the account. I'm trying to determine who is performing the SSH attempts from my host. For instance they're logged in as their standard account but then (I'm assuming)... (13 Replies)
Discussion started by: MaindotC
13 Replies

9. Solaris

loginlog not registering failed logins

Hello guys, I made a loginlog file to register failed login attempts on my sun-blade 1500 server ( just studying at home) . The code below is how I created the file : # touch /var/adm/loginlog # chmod 600 /var/adm/loginlog # chgrp sys /var/adm/loginlog After creating the file, I... (1 Reply)
Discussion started by: cjashu
1 Replies

10. Shell Programming and Scripting

Tracking change inside the script

we have more then 10 jobs scheduled in cronjob.. but we can see some of the script has been changed without any notification.. can we write any script which captures any changes inside the scripts with time of change and user name like .. or any other option apart from this ?? Plz help .. (4 Replies)
Discussion started by: netdbaind
4 Replies

LEARN ABOUT V7

hosts.equiv

HOSTS.EQUIV(5)						     Linux Programmer's Manual						    HOSTS.EQUIV(5)

NAME

       hosts.equiv - list of hosts and users that are granted "trusted" r command access to your system

DESCRIPTION

       The file /etc/hosts.equiv allows or denies hosts and users to use the r-commands (e.g., rlogin, rsh, or rcp) without supplying a password.

       The file uses the following format:

       +|[-]hostname|+@netgroup|-@netgroup [+|[-]username|+@netgroup|-@netgroup]

       The  hostname  is  the  name  of a host which is logically equivalent to the local host.  Users logged into that host are allowed to access
       like-named user accounts on the local host without supplying a password.  The hostname may be (optionally) preceded by a plus (+) sign.	If
       the  plus sign is used alone, it allows any host to access your system.	You can explicitly deny access to a host by preceding the hostname
       by a minus (-) sign.  Users from that host must always supply additional credentials, including possibly a password. For  security  reasons
       you should always use the FQDN of the hostname and not the short hostname.

       The  username  entry grants a specific user access to all user accounts (except root) without supplying a password.  That means the user is
       NOT restricted to like-named accounts.  The username may be (optionally) preceded by a plus (+) sign.  You can also explicitly deny  access
       to  a  specific	user by preceding the username with a minus (-) sign.  This says that the user is not trusted no matter what other entries
       for that host exist.

       Netgroups can be specified by preceding the netgroup by an @ sign.

       Be extremely careful when using the plus (+) sign.  A simple typographical error could result in a standalone plus sign.  A standalone plus
       sign is a wildcard character that means "any host"!

FILES

       /etc/hosts.equiv

NOTES

       Some systems will honor the contents of this file only when it has owner root and no write permission for anybody else.	Some exceptionally
       paranoid systems even require that there be no other hard links to the file.

       Modern systems use the Pluggable Authentication Modules library (PAM).  With PAM a standalone plus sign is considered a wildcard  character
       which  means  "any  host"  only	when  the word promiscuous is added to the auth component line in your PAM file for the particular service
       (e.g., rlogin).

EXAMPLE

       Below are some example /etc/host.equiv or ~/.rhosts files.

       Allow any user to log in from any host:

	   +

       Allow any user from host with a matching local account to log in:

	   host

       Note: the use of +host is never a valid syntax, including attempting to specify that any user from the host is allowed.

       Allow any user from host to log in:

	   host +

       Note: this is distinct from the previous example since it does not require a matching local account.

       Allow user from host to log in as any non-root user:

	   host user

       Allow all users with matching local accounts from host to log in except for baduser:

	   host -baduser
	   host

       Deny all users from host:

	   -host

       Note: the use of -host -user is never a valid syntax, including attempting to specify that a particular user from the host is not trusted.

       Allow all users with matching local accounts on all hosts in a netgroup:

	   +@netgroup

       Disallow all users on all hosts in a netgroup:

	   -@netgroup

       Allow all users in a netgroup to log in from host as any non-root user:

	   host +@netgroup

       Allow all users with matching local accounts on all hosts in a netgroup except baduser:

	   +@netgroup -baduser
	   +@netgroup

       Note: the deny statements must always precede the allow statements because the file is processed sequentially until the first matching rule
       is found.

SEE ALSO

       rhosts(5), rlogind(8), rshd(8)

COLOPHON

       This  page is part of release 4.15 of the Linux man-pages project.  A description of the project, information about reporting bugs, and the
       latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.

Linux								    2015-07-23							    HOSTS.EQUIV(5)
All times are GMT -4. The time now is 02:25 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy