Solaris 10: monitoring all login attempts

Posted on 2006-04-27
Last Modified: 2013-12-21
Hey guys, I'm attempting to harden a Solaris 10 fresh install. I followed the following procedures, then tried to use SSH to log in (purposefully using the wrong password) and also logged in wrongly at the machine itself. However, I'm not getting these attempts logged! Can anyone spot what I'm doing wrong? I followed these procedures, from the Sun online security services manual:

1--to create loginlog
#touch /var/adm/loginlog
#chmod 600 /var/adm/loginlog
#chgrp sys /var/adm/loginlog

Then I tried using PuTTY and SSH to log into the machine 5 times w/ the same user ID and wrong password. When I more /var/adm/loginlog, there is nothing there.

2--to monitor all failed logins:
changed /etc/default/login so that:
SYSLOG=YES is uncommented and
#touch /var/adm/authlog
#chmod 600 /var/adm/authlog
#chgrp sys /var/adm/authlog

then in syslog.conf I added:
auth.notice (pressed tab) /var/adm/authlog

then did:
# svcadm refresh system/system-log

Then I tried to log in w/ PuTTY and at the machine itself w/ the wrong info. Checked authlog and it's got a file size of 0, empty.

WHAT THE HECK!! Is it using PuTTY or SSH? I used to work w/ Solaris 8 and loginlog worked totally; seems like this should work! Humph. I'm stumped. I even killed authlog and loginlog and recreated them, but no go. The only thing I haven't done is reboot, which I guess is next... any insight? I can post my log files here if needed.

Question by:sdcox
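
The settings listed in the question can be checked with a short script. This is an added example, not part of the original thread: it verifies that SYSLOG=YES is active in the login defaults file, that syslog.conf has a tab-separated auth.notice entry for the log file, and that the log file has mode 600 and the expected group. The function names and the audit.sh file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the settings listed in the question.
TAB=`printf '\t'`

# True if SYSLOG=YES is present and not commented out in the login defaults file ($1).
syslog_enabled() {
    grep "^[ ${TAB}]*SYSLOG=YES[ ${TAB}]*\$" "$1" >/dev/null 2>&1
}

# True if syslog.conf ($1) sends auth.notice to the log file ($2) with the
# selector and the action separated by tabs only, as the question describes.
auth_notice_routed() {
    grep "^[^#]*auth\.notice[^ ${TAB}]*${TAB}${TAB}*$2[ ${TAB}]*\$" "$1" >/dev/null 2>&1
}

# True if the log file ($1) exists with mode 600 and group ($2).
log_file_ok() {
    [ -f "$1" ] || return 1
    ls -ld "$1" | {
        read mode links owner group rest
        case $mode in
            -rw-------*) [ "$group" = "$2" ] ;;
            *) false ;;
        esac
    }
}

# Run all three checks, print each failure, return the number of failures.
audit_login_logging() {   # $1 login defaults, $2 syslog.conf, $3 log file, $4 group
    problems=0
    syslog_enabled "$1" ||
        { echo "SYSLOG=YES is missing or commented out in $1"; problems=`expr $problems + 1`; }
    auth_notice_routed "$2" "$3" ||
        { echo "no tab-separated auth.notice entry for $3 in $2"; problems=`expr $problems + 1`; }
    log_file_ok "$3" "$4" ||
        { echo "$3 is missing or is not mode 600, group $4"; problems=`expr $problems + 1`; }
    return $problems
}

# Usage with the paths from the question:
#   sh audit.sh /etc/default/login /etc/syslog.conf /var/adm/authlog sys
if [ "$#" -eq 4 ]; then
    audit_login_logging "$@"
fi
```

An exit status of 0 means all three settings match the steps in the question; any other value is the number of checks that failed.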

    Accepted Solution

    After "touch /var/adm/loginlog", you need to edit /etc/default/login and
        add the following entry to the file:

    See my answer in http:Q_11938338.html

    You can also use the "last" command to see the normal logins.

    man last
    to learn more details.


    Expert Comment

    Why not use JASS for this? It does this for you. *AND* it's the Sun-stated best practice.

    Expert Comment

    I have the same problem.

    How do you do this in Solaris 10, not 9 or 8 or Linux? It is different in Solaris 10 for some reason.
