loginlog and authlog do not capture the failed login attempts using ssh and CDE login!

Posted on 2006-05-05
Last Modified: 2013-12-27
I had created /var/adm/loginlog and /var/log/authlog, with permissions set to 600 and group set to sys. Logins using CDE or ssh are not captured by loginlog or authlog. However, failed attempts using telnet are recorded in both logs. I need to configure the system in such a way that ssh and CDE will record to loginlog after 3 bad login attempts, and record every failed attempt to authlog. I already configured
Question by: as618
    LVL 34

    Accepted Solution

    That's because SSH does not use the mechanism you're configuring.

    SSH logs to either its own file, or to the FACILITY specified in the sshd_config file. I generally point mine to one of the LOCAL facilities. You can configure this at compile-time, or using directives in sshd_config.
    LVL 27

    Assisted Solution

    /var/adm/loginlog is used by the /bin/login program only. This file is checked and filled by /bin/login.

    Any authentication program that uses the standard '/bin/login' program will log to /var/adm/loginlog.
    - in.telnetd uses '/bin/login' for authentication.
    - sshd doesn't, but it can if you compile OpenSSH instead of using the standard Solaris-shipped version and enable the option 'UseLogin yes' in sshd_config.
    - CDE doesn't and cannot be tuned to use the 'login' program for authentication.

    Almost any authentication program uses syslog to log failed attempts.
    man syslog.conf
    for details. Something about syslog facilities has already been said by PsiCop.
    You should tune your syslogd.conf to log all messages (up to debug level) to some file and then grep this file for login failures.
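
An added example, not part of the answers here and not code from Solaris or OpenSSH: once sshd's syslog facility is written to a file as the answers describe, a filter like this lists the source/user pairs with three or more failed sshd logins, the threshold the question asks about. The log lines are constructed, and the OpenSSH-style message layout (`Failed <method> for [invalid user] <user> from <host> port <n> ssh2`) is an assumption to check against what your sshd actually writes.

```shell
#!/bin/sh
# Constructed sample of a syslog-written auth log (not from a real system).
# Addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
sample_authlog() {
cat <<'EOF'
May  5 10:01:12 sol10 sshd[1234]: [ID 800047 auth.info] Failed password for root from 192.0.2.10 port 40112 ssh2
May  5 10:01:15 sol10 sshd[1234]: [ID 800047 auth.info] Failed password for root from 192.0.2.10 port 40112 ssh2
May  5 10:01:19 sol10 sshd[1234]: [ID 800047 auth.info] Failed password for root from 192.0.2.10 port 40112 ssh2
May  5 10:02:40 sol10 sshd[1301]: [ID 800047 auth.info] Failed password for invalid user oracle from 198.51.100.7 port 51544 ssh2
May  5 10:02:44 sol10 sshd[1301]: [ID 800047 auth.info] Failed password for invalid user a from b from 198.51.100.7 port 51544 ssh2
May  5 10:03:02 sol10 sshd[1310]: [ID 800047 auth.info] Accepted password for alice from 192.0.2.20 port 40200 ssh2
EOF
}

# Usage: failed_ssh_logins [THRESHOLD] < authlog
# Prints "count<TAB>source<TAB>user" for every source/user pair with at least
# THRESHOLD (default 3) failed sshd authentications, highest count first.
failed_ssh_logins() {
    awk -v min="${1:-3}" '
    NF >= 10 && / sshd\[[0-9]+\]: / && $(NF-4) == "from" && $(NF-2) == "port" {
        # Locate "Failed <method> for"; anything else (e.g. Accepted) is skipped.
        start = 0
        for (i = 1; i < NF - 4; i++)
            if ($i == "Failed" && $(i+2) == "for") { start = i + 3; break }
        if (!start) next
        # OpenSSH marks unknown accounts with "invalid user".
        if ($start == "invalid" && $(start+1) == "user") start += 2
        # The user name is supplied by the client and may contain spaces or the
        # word "from", so take everything up to the trailing "from HOST port N".
        user = $start
        for (i = start + 1; i <= NF - 5; i++) user = user " " $i
        count[$(NF-3) "\t" user]++
    }
    END { for (k in count) if (count[k] >= min) print count[k] "\t" k }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2
}

# Report pairs that reached the three-failure threshold in the sample.
sample_authlog | failed_ssh_logins 3
```

Against a real log, run it as `failed_ssh_logins 3 < /var/log/authlog`, or with a threshold of 1 to list every failed attempt.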

    LVL 38

    Assisted Solution

    Edit the /etc/default/login file:

          # Allow 3 login attempts
          RETRIES=3

          # Note: "RETRIES" is all uppercase.

    When a user fails to type in his/her password, it is logged to /var/adm/loginlog.
    You need to make sure /var/adm/loginlog exists, e.g.:

         touch /var/adm/loginlog
