Solved

How To Trap Bad Telnet Login Information (Username and Password)

Posted on 2007-11-21
8
872 Views
Last Modified: 2012-06-22
Hello,

We have users telnet (usually locally) into our servers (RedHat 8 and CentOS 4.5).

When we have a bad login attempt, I would like to be able to trap the bad username and password in a log file of some sort.

How can I do this?

Thanks in advance,

s1m0ne
0
Comment
Question by:s1m0ne
8 Comments
 
LVL 48

Accepted Solution

by:
Tintin earned 168 total points
ID: 20332095
Details will be in /var/log/secure as well as /var/log/messages
0
 
LVL 13

Assisted Solution

by:WizRd-Linux
WizRd-Linux earned 166 total points
ID: 20332263
As far as I know there isn't a way to specifically split out the logs for specifically failed login attempts via telnet.

You can however edit /etc/syslog.conf and add a line similar to:

auth.notice        /var/log/auth.log

As I said, I don't know of a way to split it out so it will log notices and above for any programs that ask for a username and password, eg login, su, ftpd, sshd, telnetd.
0
 
LVL 1

Author Comment

by:s1m0ne
ID: 20332268
Thanks, but how do I log the actual bad password in addition to the user?
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 48

Expert Comment

by:Tintin
ID: 20332295
You can't log the bad password without making custom changes to sit in middle of the login process.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20332331
Tintin is absolutely correct.  To log the bad password attempt you would have to modify the telnetd source to include the bad password in the log output then recompile it.
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 166 total points
ID: 20332478
Hi,

How getting the bad passwords will help you? It is a security breach if you could capture users passwords.

It will be enough for you to know that certain account / accounts are failing to login which could till that either the end users need to be educated about how to login / enter password, or that some accounts are under risk of login attempts.

0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Secure Shell (SSH) is a network protocol for secure data communication, mainly used to administer remote Unix / Linux servers via command line. But it also allows the user to open a secure tunnel between a client and a server where he can send any k…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now