Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Maximum unsuccessful attempts in unix
Top Forums UNIX for Dummies Questions & Answers Maximum unsuccessful attempts in unix Post 302579792 by methyl on Tuesday 6th of December 2011 03:14:09 PM
Old 12-06-2011
Until we know what Operating System you have, this is guesswork. There are proprietary security mechanisms and various connection mechanisms to connect to a unix server. There is no generic answer for all "unix".

For a basic "telnet" connection (where allowed by local rules) a general answer is to read "man login" (It's specific to the machine).
The "telnet" login process is designed to be immune to brute force attack and will not accept typeahead or multiple failed passwords before getting slower and slower to respond and then dropping the connection. You will know that the unix "last" command gives a history of successful logins, but when properly configured the unix "lastb" command gives a history of unsuccessful logins (including the source IP address).

Personally I have never heard the term "blocked users" in the context of unix or Windows Systems Administration (though I can guess what it means).
I do routinely "lock" unix accounts (see "man passwd") and "disable" Microsoft Windows accounts.


Hmm. Sounds like interview questions ... or maybe awkward questions from an auditor?
Last edited by methyl; 12-06-2011 at 04:27 PM.. Reason: refining and typos and unsuccessful spelling
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Unsuccessful compilation of TOP s/w

Hi, I did the following : /usr/local/bin/gcc -DHAVE_GETOPT -DORDER -DHAVE_STRERROR -c top.c and I got these error messages : /usr/ccs/bin/as: "/var/tmp/ccZcR4Mm.s", line 1936: error: unknown opcode ".subsection" /usr/ccs/bin/as: "/var/tmp/ccZcR4Mm.s", line 1936: error: statement... (1 Reply)
Discussion started by: dawn_lwf
1 Replies

2. UNIX for Advanced & Expert Users

Maximum 3 login attempts

Hi, I notice in my Sun Solaris 8 sparc workstation, if I failed my login in the 5th time, I will be closed the connection from the host. I want to make 3 times. That is, if user fails to login with 3 attempts, he will be closed the connection. How to do it? Of course I am the admin of the... (2 Replies)
Discussion started by: champion
2 Replies

3. UNIX for Dummies Questions & Answers

user password keeps "unsuccessful attempts"

i had a user who informed that when he tried to login he got this " too many unsuccessful attepmpts" this has happened regularly and he did not forget his password. i suspect that somebody tried to change. so i did some checks. i did a last, and found that nobody uses this sipo other than... (8 Replies)
Discussion started by: yls177
8 Replies

4. UNIX for Advanced & Expert Users

Unix and the maximum number of processes under a 386 box.

Hi ! I would like to know if Unix could launch more than 8192 processes , which is the maximum number of LDTs on a 386 box. Is this done by swapping some memory on the disk ? Thanks for your answers. (0 Replies)
Discussion started by: krhamidou
0 Replies

5. UNIX for Dummies Questions & Answers

Maximum size of a file in unix

What's the maximum file size supported by unix. (3 Replies)
Discussion started by: nagalenoj
3 Replies

6. UNIX for Dummies Questions & Answers

what is the maximum length of th os-command line in Unix.

Hi All, I didn't find any thread that match this question so I hope it's not redundant. I am totally new to Unix. I want to know what is the maximum length of the os-commandline in Unix. Will it cause any problem if I run any application whose total path length is much longer than 256... (2 Replies)
Discussion started by: kumardesai
2 Replies

7. UNIX for Dummies Questions & Answers

Unix shell script for finding top ten files of maximum size

I need to write a Unix shell script which will list top 10 files in a directory tree on basis of size. i.e. first file should be the biggest in the whole directory and all its sub directories. Please suggest any ideas (10 Replies)
Discussion started by: abhilashnair
10 Replies

8. Shell Programming and Scripting

swremove unsuccessful case handling

i am using the command "swremove productname".... How can i check the unsucceful condition?.... i want to say "if unsuccessful display that message to the user and exit".... Can anu one help me??.... i am coding in this script for the first time so please dont mind... THanks (1 Reply)
Discussion started by: rag84dec
1 Replies

9. Shell Programming and Scripting

what is the maximum length of a unix shell variable which can be can passed to plsql

what is the maximum length of a unix shell variable which can be can passed to plsql variable:( (1 Reply)
Discussion started by: alokjyotibal
1 Replies

10. UNIX for Dummies Questions & Answers

How to get successful/unsuccessful FTP logs in UNIX

Hi, We have one UNIX Server (Sun Solaris), and the files coming to this server from another server. The problem is, that server is continously sending files to our server via FTP. But the observation is that some files missing in our Server but in that server it shows the files FTPed... (2 Replies)
Discussion started by: vikash.rastogi
2 Replies

LEARN ABOUT OSF1

ttys

ttys(4) 						     Kernel Interfaces Manual							   ttys(4)

NAME

       ttys - Terminal control database file  (Enhanced Security)

DESCRIPTION

									  Notes
       The  secure  terminal  database file, /etc/securettys, controls root logins for all security levels.  The file is described in the securet-
       tys(4) reference page.

       By default, the enhanced security terminal control information is stored in database format (ttys.db).  The information was formerly stored
       in  the	ttys  file  and is converted to database format in an update installation.  The convauth utility converts an existing ttys file to
       database format.

       The enhanced security terminal control database (ttys.db) contains an entry for each terminal or X displayname that can be used for logging
       in.  It supports wildcarding of the entire terminal name or displayname only.  Authentication programs use information in the terminal con-
       trol database to determine if a	login  is  permitted  on  the  specified  terminal.   Information  from  the  device  assignment  database
       (/etc/auth/system/devassign)  can  also	affect terminal login permissions.  Successful and unsuccessful login attempts on the terminal are
       optionally recorded in the terminal control database, and the information can be used to disable terminal logins when breakin attempts  are
       suspected.

       The  /usr/tcb/bin/dxdevices  GUI  provides a way to create terminal control database entries and to alter the system default values for the
       fields.	The edauth utility can also be used to display and modify terminal control database entries.

       A terminal control database entry consists of keyword field identifiers and values for those fields.  If a necessary value is not specified
       in  an  entry,  a default value for the field is supplied from the system default file (/etc/auth/system/default).  For more information on
       the field format, see the authcap(4) reference page.

       The following keyword field identifiers are supported: This field defines the terminal device name for the entry. The system  expects  that
       terminal devices are in the /dev directory and therefore this prefix should not be specified. If the terminal entry describes the /dev/tty1
       device, the t_devname field should contain tty1.  This field is ignored if it is set in a template or in the default database.  This  field
       contains  the  user ID of the last user who successfully logged in using the terminal device.  This field is ignored if it is set in a tem-
       plate or in the default database.  This field is a time_t value that records the last successful login time to the terminal  device.   This
       field  is  ignored  if it is set in a template or in the default database.  This field contains the user ID of the last user who unsuccess-
       fully attempted to log in using the terminal device.  This field is ignored if it is set in a template or in the  default  database.   This
       field is a time_t value that records the last unsuccessful login time to the terminal device.  This field is ignored if it is set in a tem-
       plate or in the default database.  This field contains the user ID of the user who successfully logged in before the user identified in the
       t_uid  field.   This  represents the UID of the previous login session.	This field is ignored if it is set in a template or in the default
       database.  This field is a time_t value that contains the system time of last logout associated with this terminal device. This value marks
       the  end  of  the  previous  login  session associated with the user identified by t_prevuid.  This field records the number of consecutive
       unsuccessful login attempts to the terminal device.  This field is ignored if it is set in a template or in  the  default  database.   This
       field  specifies  the maximum number of consecutive unsuccessful login attempts permitted using the terminal before the terminal is locked.
       Once the terminal is locked, it must be unlocked by an authorized administrator.  This field is a time_t value that  identifies	the  login
       delay enforced by authentication programs between unsuccessful login attempts. This field is designed to slow the rate at which penetration
       attempts on a terminal device can occur.  This field indicates whether the terminal device has been administratively locked. This field	is
       manipulated by authorized administrators only.  This field specifies the time interval in seconds after t_unsuctime to wait before ignoring
       t_failures. Zero means never ignore t_failures.	This field specifies the login time-out value in seconds. If a login attempt is  initiated
       by  entering  a	user  name  at the login prompt but successful authentication is not completed within the time-out interval specified, the
       login attempt is aborted.  This field indicates that the entry is an X window display managed by rather than a terminal device.	This field
       is ignored if it is set in a template or in the default database.

EXAMPLES

       The following example shows a typical terminal control database entry: console:t_devname=console:
	       :t_uid=jdoe:t_logtime#675430072:
	       :t_unsucuid=jdoe:t_unsuctime#673610809:
	       :t_prevuid=root:t_prevtime#671376915:
	       :chkent:

       This  entry is for the system console device, /dev/console. The most recent successful login session was for the user jdoe. The most recent
       unsuccessful login attempt was also by user jdoe. Before the most recent successful login session, the root account was used to log  in	to
       the console.  The entry records the system time for the current successful login, the end of the previous successful login session, and the
       time of the most recent unsuccessful login attempt.

FILES

       Specifies the pathname of the database.

RELATED INFORMATION

       Commands: login(1)

       Functions:  getprtcent(3)

       Files: authcap(4), default(4), securettys(4) delim off

																	   ttys(4)
All times are GMT -4. The time now is 03:11 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy