Solaris 10: monitoring all login attempts

Posted on 2006-04-27
Last Modified: 2013-12-21
Hey guys, I'm attempting to harden a Solaris 10 fresh install. I followed the following procedures, then tried to use SSH to log in (purposefully using the wrong password) and also logged in wrongly at the machine itself. However, I'm not getting these attempts logged! Can anyone spot what I'm doing wrong? I followed these procedures, from the Sun online security services manual:

1--to create loginlog
# touch /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# chgrp sys /var/adm/loginlog

Then I tried using PuTTY and SSH to log into the machine 5 times w/ the same user ID and a wrong password. When I more /var/adm/loginlog, there is nothing there.

2--to monitor all failed logins:
changed /etc/default/login so that:
SYSLOG=YES is uncommented and
# touch /var/adm/authlog
# chmod 600 /var/adm/authlog
# chgrp sys /var/adm/authlog

then in syslog.conf I added:
auth.notice (pressed tab) /var/adm/authlog

then did:
# svcadm refresh system/system-log

Then I tried to log in w/ PuTTY and at the machine itself w/ the wrong info. Checked authlog and it's got a file size of 0, empty.

WHAT THE HECK!! Is it using PuTTY or SSH? I used to work w/ Solaris 8 and loginlog worked fine...it totally seems like this should work! Humph. I'm stumped. I even killed authlog and loginlog and recreated them, but no go. The only thing I haven't done is reboot, which I guess is next...any insight? I can post my log files here if needed.

Question by:sdcox
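
A read-only check of the steps listed in the question above, added here as an example and not part of the original thread: it confirms that SYSLOG=YES is active, that the auth.notice rule is separated by tabs rather than spaces, and that the log files have mode 600 and group sys. The /etc/syslog.conf path, the function names, the AWK variable and the --audit switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only checks for the setup steps in the question.
# On Solaris 10 set AWK=nawk (the checks need -v and awk functions).
AWK=${AWK:-awk}
TAB=`printf '\t'`

# True when SYSLOG=YES is present and uncommented in the given file.
syslog_enabled() {
    grep "^[ $TAB]*SYSLOG=YES[ $TAB]*\$" "$1" >/dev/null 2>&1
}

# Prints ok, missing, or spaces (rule present, separator not tabs only).
syslog_rule_status() {
    [ -r "$1" ] || { echo missing; return 0; }
    $AWK -v sel="$2" -v act="$3" '
        function has(s) { return index(";" s ";", ";" sel ";") > 0 }
        /^[ \t]*#/ { next }
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            n = split($0, t, /\t+/)       # split on tabs only
            m = split($0, w, /[ \t]+/)    # split on any blank
            if (n == 2 && has(t[1]) && t[2] == act) st = "ok"
            else if (m == 2 && has(w[1]) && w[2] == act && st != "ok") st = "spaces"
        }
        END { print (st == "" ? "missing" : st) }' "$1"
}

# Prints ok, missing, mode:<perms> or group:<name> for a log file.
log_file_status() {
    f=$1; want=${2:-sys}
    [ -f "$f" ] || { echo missing; return 0; }
    perms=`ls -ld "$f" | $AWK '{ print substr($1, 1, 10) }'`
    grp=`ls -ld "$f" | $AWK '{ print $4 }'`
    [ "$perms" = "-rw-------" ] || { echo "mode:$perms"; return 0; }
    [ "$grp" = "$want" ] || { echo "group:$grp"; return 0; }
    echo ok
}

# Report on the live files named in the question (/etc/syslog.conf assumed).
audit() {
    if syslog_enabled /etc/default/login; then s=active; else s="not active"; fi
    echo "SYSLOG=YES in /etc/default/login: $s"
    r=`syslog_rule_status /etc/syslog.conf auth.notice /var/adm/authlog`
    echo "auth.notice rule in /etc/syslog.conf: $r"
    for f in /var/adm/loginlog /var/adm/authlog; do
        echo "$f: `log_file_status $f sys`"
    done
}
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it as root with the --audit argument to report on the live files; the individual functions also accept copies of the files.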

Accepted Solution

yuzh earned 2000 total points
ID: 16558512
After "touch /var/adm/loginlog", you need to edit /etc/default/login
    and add the following entry to the file:

see my answer in http:Q_11938338.html

You can also use the "last" command to see the normal logins.

man last
to learn more details.

Expert Comment

ID: 16558782
Why not use JASS for this? It does this for you. *AND* it's the Sun stated best practice.

Expert Comment

ID: 16735531
I have the same problem.

How do you do this in Solaris 10, not 9 or 8 or Linux? It is different in Solaris 10 for some reason.
