Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Solaris logs - Tracking failed attempts from my host
Operating Systems Solaris Solaris logs - Tracking failed attempts from my host Post 302591994 by bartus11 on Sunday 22nd of January 2012 08:31:40 AM
Old 01-22-2012
Try running this DTrace one-liner:
Code:
nohup dtrace -n 'syscall::connect:entry/execname=="ssh"/{printf ("uid: %d, command: %s,uid,curpsinfo->pr_psargs)}' > /var/adm/ssh_logins &

In the "/var/adm/ssh_logins" you will find all the executions of SSH done from your server with UIDs of the users running them. You should be able to easily grep the line that you need. After you have identified that user, you can kill dtrace process.
Last edited by bartus11; 01-22-2012 at 09:38 AM..
 

8 More Discussions You Might Find Interesting

1. AIX

Denying IPaddress for Multiple Failed Login Attempts

Hi. I would like to be able to deny IP address for too many failed login attemps (either from ssh, sftp, ftp, etc). The system I wish this to work on is an AIX 5.1 system. I'm new to AIX but I'm a linux user. There is a program for linux called fail2ban which reads from the log files and see if... (1 Reply)
Discussion started by: metzgerh
1 Replies

2. AIX

ftp check for failed attempts

Hi, I have created the below ftp script to put files over to our capacity server, the check at the end works if ftp fails to run however if the script cannot login or the transfer itself failed there is no warnings. Does anyone know the syntax to trap the erorr codes or to put a check within... (3 Replies)
Discussion started by: chlawren
3 Replies

3. Shell Programming and Scripting

Create a script that executes when a user attempts to delete history logs

Hi, I have a linux redhat 9 server and I am concerned about the security on that server. I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history. I was thinking about... (4 Replies)
Discussion started by: mishkamima
4 Replies

4. Shell Programming and Scripting

Another question for tracking failed logins via script

Hello Experts, I have this initial shell script that tracks failed login attempts: #!/bin/bash #Fetch failed user logins to file failed-logins.txt grep -i failed /var/log/secure | awk '{ print $1, $2" ", $3" ", $9" ", $11 }' > failed-logins.txt #Splitting the failed-logins in... (10 Replies)
Discussion started by: linuxgeek
10 Replies

5. UNIX for Dummies Questions & Answers

TCP failed connection attempts from netstat -s

Dear experts, I am seeing a lot of TCP failed connection attempts from "netstat -s" on one of our servers. How can I pin point what connection failed and what are the ports involved? Any tools/commands I can dig in deeper to diag. what went wrong on these "failed connection attempts"? ... (2 Replies)
Discussion started by: cache51
2 Replies

6. Shell Programming and Scripting

Job tracking in logs

I have two log files from two different days and some jobs start on one day and finish on the next. I also have jobs that start and then don't finish until other jobs start and finish. I'm trying to create a csv file with job name, start time and end time in the order that the jobs started. ... (2 Replies)
Discussion started by: wawa
2 Replies

7. Solaris

Need to recover/move diskgroup from failed host to another host

Hi All I am having VxVm on two Solaris hosts. host1 is using disk group dgHR. right now this server went down due to hardware fault. Not I need to import this dgHR into host2 server. Please let me know the procedure for the same. (1 Reply)
Discussion started by: amity
1 Replies

8. Cybersecurity

Failed SSHD Login Attempts (15,000 per day) - Is that a lot compared to your server?

The purpose of this thread is for everyone to follow the same methodology so we can create a future table, for the benefit of all, that shows how many failed login attempts (hacking) per day per server (and per minute) are happening. This is not a thread on writing scripts or creating... (10 Replies)
Discussion started by: Neo
10 Replies

LEARN ABOUT CENTOS

pam_warn

PAM_WARN(8)							 Linux-PAM Manual						       PAM_WARN(8)

NAME

       pam_warn - PAM module which logs all PAM items if called

SYNOPSIS

       pam_warn.so

DESCRIPTION

       pam_warn is a PAM module that logs the service, terminal, user, remote user and remote host to syslog(3). The items are not probed for, but
       instead obtained from the standard PAM items. The module always returns PAM_IGNORE, indicating that it does not want to affect the
       authentication process.

OPTIONS

       This module does not recognise any options.

MODULE TYPES PROVIDED

       The auth, account, password and session module types are provided.

RETURN VALUES

       PAM_IGNORE
	   This module always returns PAM_IGNORE.

EXAMPLES

	   #%PAM-1.0
	   #
	   # If we don't have config entries for a service, the
	   # OTHER entries are used. To be secure, warn and deny
	   # access to everything.
	   other auth	  required	 pam_warn.so
	   other auth	  required	 pam_deny.so
	   other account  required	 pam_warn.so
	   other account  required	 pam_deny.so
	   other password required	 pam_warn.so
	   other password required	 pam_deny.so
	   other session  required	 pam_warn.so
	   other session  required	 pam_deny.so

SEE ALSO

       pam.conf(5), pam.d(5), pam(8)

AUTHOR

       pam_warn was written by Andrew G. Morgan <morgan@kernel.org>.

Linux-PAM Manual						    09/19/2013							       PAM_WARN(8)
All times are GMT -4. The time now is 01:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy