Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How To Trap Bad Telnet Login Information (Username and Password)

Posted on 2007-11-21
8
Medium Priority
?
890 Views
Last Modified: 2012-06-22
Hello,

We have users telnet (usually locally) into our servers (RedHat 8 and CentOS 4.5).

When we have a bad login attempt, I would like to be able to trap the bad username and password in a log file of some sort.

How can I do this?

Thanks in advance,

s1m0ne
0
Comment
Question by:s1m0ne
6 Comments
 
LVL 48

Accepted Solution

by:
Tintin earned 672 total points
ID: 20332095
Details will be in /var/log/secure as well as /var/log/messages
0
 
LVL 13

Assisted Solution

by:WizRd-Linux
WizRd-Linux earned 664 total points
ID: 20332263
As far as I know there isn't a way to specifically split out the logs for specifically failed login attempts via telnet.

You can however edit /etc/syslog.conf and add a line similar to:

auth.notice        /var/log/auth.log

As I said, I don't know of a way to split it out so it will log notices and above for any programs that ask for a username and password, eg login, su, ftpd, sshd, telnetd.
0
 
LVL 1

Author Comment

by:s1m0ne
ID: 20332268
Thanks, but how do I log the actual bad password in addition to the user?
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 48

Expert Comment

by:Tintin
ID: 20332295
You can't log the bad password without making custom changes to sit in middle of the login process.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20332331
Tintin is absolutely correct.  To log the bad password attempt you would have to modify the telnetd source to include the bad password in the log output then recompile it.
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 664 total points
ID: 20332478
Hi,

How getting the bad passwords will help you? It is a security breach if you could capture users passwords.

It will be enough for you to know that certain account / accounts are failing to login which could till that either the end users need to be educated about how to login / enter password, or that some accounts are under risk of login attempts.

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure Shell (SSH) is a network protocol for secure data communication, mainly used to administer remote Unix / Linux servers via command line. But it also allows the user to open a secure tunnel between a client and a server where he can send any k…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month7 days, 7 hours left to enroll

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question