Hey guys, I'm attempting to harden a Solaris 10 fresh install. I followed the following procedures, then tried to use SSH to log in (purposefully using the wrong password) and also logged in wrongly at the machine itself. However, I'm not getting these attempts logged! Can anyone spot what I'm doing wrong? I followed these procedures, from the Sun online security services manual:
1--to create loginlog
# chmod 600 /var/adm/loginlog
# chgrp sys /var/adm/loginlog
Then I tried using PuTTY and SSH to log into the machine 5 times w/ the same user ID and wrong password. When I more /var/adm/loginlog, there is nothing there.
2--to monitor all failed logins:
changed /etc/default/login so that:
SYSLOG=YES is uncommented and
# chmod 600 /var/adm/authlog
# chgrp sys /var/adm/authlog
then in syslog.conf I added:
auth.notice (pressed tab) /var/adm/authlog
# svcadm refresh system/system-log
Then I tried to log in w/ PuTTY and at the machine itself w/ the wrong info. Checked authlog and it's got a file size of 0, empty.
WHAT THE HECK!! Is it using PuTTY or SSH? I used to work w/ Solaris 8 and loginlog worked fine...it totally seems like this should work! Humph. I'm stumped. I even killed authlog and loginlog and recreated, but no go. The only thing I haven't done is reboot, which I guess is next...any insight? I can post my log files here if needed.
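One way to check the settings from the two procedures above before testing logins again, as an added example that is not part of the original post. The function names and the sample file contents are constructed for illustration; the separator check reflects the syslog.conf format, in which the selector and the action are separated by tabs.

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings the post
# describes. Function names and sample contents are constructed for the demo.
TAB=$(printf '\t')

# 0: uncommented "SELECTOR<tab>ACTION" line present; 2: present but the
# separator contains spaces; 1: no such line.
check_syslog_line() {   # usage: check_syslog_line FILE SELECTOR ACTION
    grep -q "^$2$TAB$TAB*$3\$" "$1" && return 0
    grep -q "^$2[ $TAB][ $TAB]*$3\$" "$1" && return 2
    return 1
}

# 0: SYSLOG=YES is set on an uncommented line; 1: commented out or missing.
check_login_syslog() {  # usage: check_login_syslog FILE
    grep -q '^SYSLOG=YES$' "$1"
}

# 0: log file exists with mode 600; 1: missing; 2: wrong mode.
check_log_file() {      # usage: check_log_file FILE
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ] || return 2
}

# Run one check and print its return code without aborting on failure.
report() {              # usage: report LABEL COMMAND [ARGS...]
    label=$1; shift; rc=0
    "$@" || rc=$?
    echo "$label: rc=$rc"
}

# Constructed sample files standing in for /etc/syslog.conf,
# /etc/default/login and /var/adm/authlog.
DEMO=$(mktemp -d) || exit 1
trap 'rm -rf "$DEMO"' EXIT
printf 'auth.notice\t/var/adm/authlog\n' > "$DEMO/syslog.good"
printf 'auth.notice    /var/adm/authlog\n' > "$DEMO/syslog.spaces"
printf '#SYSLOG=YES\n' > "$DEMO/login.commented"
printf 'SYSLOG=YES\n' > "$DEMO/login.enabled"
: > "$DEMO/authlog"; chmod 600 "$DEMO/authlog"

report "syslog.conf, tab separator"   check_syslog_line "$DEMO/syslog.good" auth.notice /var/adm/authlog
report "syslog.conf, space separator" check_syslog_line "$DEMO/syslog.spaces" auth.notice /var/adm/authlog
report "login, SYSLOG commented out"  check_login_syslog "$DEMO/login.commented"
report "login, SYSLOG=YES active"     check_login_syslog "$DEMO/login.enabled"
report "authlog exists, mode 600"     check_log_file "$DEMO/authlog"
```

On the real system the same functions can be pointed at /etc/syslog.conf, /etc/default/login and /var/adm/authlog.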