Solved

How To Trap Bad Telnet Login Information (Username and Password)

Posted on 2007-11-21
8
871 Views
Last Modified: 2012-06-22
Hello,

We have users telnet (usually locally) into our servers (RedHat 8 and CentOS 4.5).

When we have a bad login attempt, I would like to be able to trap the bad username and password in a log file of some sort.

How can I do this?

Thanks in advance,

s1m0ne
0
Comment
Question by:s1m0ne
8 Comments
 
LVL 48

Accepted Solution

by:
Tintin earned 168 total points
Comment Utility
Details will be in /var/log/secure as well as /var/log/messages
0
 
LVL 13

Assisted Solution

by:WizRd-Linux
WizRd-Linux earned 166 total points
Comment Utility
As far as I know there isn't a way to specifically split out the logs for specifically failed login attempts via telnet.

You can however edit /etc/syslog.conf and add a line similar to:

auth.notice        /var/log/auth.log

As I said, I don't know of a way to split it out so it will log notices and above for any programs that ask for a username and password, eg login, su, ftpd, sshd, telnetd.
0
 
LVL 1

Author Comment

by:s1m0ne
Comment Utility
Thanks, but how do I log the actual bad password in addition to the user?
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 48

Expert Comment

by:Tintin
Comment Utility
You can't log the bad password without making custom changes to sit in middle of the login process.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
Comment Utility
Tintin is absolutely correct.  To log the bad password attempt you would have to modify the telnetd source to include the bad password in the log output then recompile it.
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 166 total points
Comment Utility
Hi,

How getting the bad passwords will help you? It is a security breach if you could capture users passwords.

It will be enough for you to know that certain account / accounts are failing to login which could till that either the end users need to be educated about how to login / enter password, or that some accounts are under risk of login attempts.

0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now