Solaris 10: monitoring all login attempts

Hey guys, I'm attempting to harden a solaris 10 fresh install. I followed the following procedures, then tried to use SSH to login (purposefully using wrong password) and also logged wrongly in at the machine itself. However i'm not getting these attempts logged! Can anyone spot what I'm doing wrong? I followed these procedures, from the sun online security services manual:

1--to create loginlog
#touch /var/adm/loginlog
#chmod 600 /var/adm/loginlog
#chgrp sys /var/adm/loginlog

then I tried using putty and ssh to log into the machine 5 times w/ same user id and wrong password. when I more /var/adm/loginlog, there is nothing there

2--to monitor all failed logins:
changed /etc/default/login so that:
SYSLOG=YES is uncommented and
#touch /var/adm/authlog
#chmod 600 /var/adm/authlog
#chgrp sys /var/adm/authlog

then in syslog.conf I added:
auth.notice (pressed tab) /var/adm/authlog

then did:
# svcadm refresh system/system-log

then I tried to login w/ putty and at the machine itself w/ the wrong info. Checked authlog and it's got a file size of 0, empty.

WHAT THE HECK!! Is it using putty or SSH? I used to work w/ solaris 8 and loginlog worked totally seems like this should work! Humph. I'm stumped. I even killed authlog and loginlog and recreated, but no go. The only thing i haven't done is reboot, which i guess is next...any insight? I can post my log files here if needed.

Who is Participating?
after "touch /var/adm/loginlog", you need edit the  /etc/default/login
    add the following entry to the file:

see my answer in http:Q_11938338.html

You can also use "last" command to see the normal logins.

man last
to learn more details.

Why not use JASS for this ?  It does this for you.  *AND* it's the Sun stated best practice.
I have the same problem

how do you do this in Solaris 10 not 9 or 8 or Linux.   It is different in Solaris 10 for some reason
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.