TCLUG Archive

Re: [TCLUG:7485] logging tcpd/telnetd



You can use the last and lastb commands.

last will show you the last logins, and lastb the failed attempts. lastb
was broken in RedHat versions prior to 6.0, but in 6.0 it seems to be
fixed. All you need to do is touch /var/log/btmp as root to get lastb
started. Also do a chmod 700 /var/log/btmp to make it readable only by
root.

You could create a simple Perl script to periodically run last and lastb
and have it notify you of attempts. Just an idea.

Beware: lastb logs the username as the user typed it. If they forget to
enter their username and just type in their password (as their
username), then their password will show up in the lastb output. That's
why you make /var/log/btmp only readable by root.


Clay

Sandipan Panigrahi wrote:
> 
> Hi, How can I make telnetd/login log the unsuccessful logins into the
> system? Right now I have tcpd wrapper around the telnet. All the log
> file shows is that it received a connection from W.X.Y.Z but no other
> info.
> 
> I need to know the username that tried to login irrespective of if it
> succeeded or failed.
> 
> Is this at all possible?
> 
> Thanks,
> sandipan

-- 
Clay Fandre
cfandre@maddog.mn-linux.org
Twin Cities Linux Users Group
http://www.mn-linux.org
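
An added example, not part of the original message: the periodic lastb check suggested above, written in Python rather than Perl, which counts failed logins per user and host and masks any name that is not a real account, since such a name may be a mistyped password. The function names and the sample lines are constructed for illustration, and the parser assumes the usual column layout of `lastb -w` output.

```python
import collections
import pwd
import subprocess

WEEKDAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}

# Constructed sample in the shape of lastb output (documentation addresses).
SAMPLE = """\
root     pts/0        203.0.113.5      Tue Mar  2 10:15 - 10:15  (00:00)
root     pts/1        203.0.113.5      Tue Mar  2 10:16 - 10:16  (00:00)
hunter2  pts/2        198.51.100.7     Tue Mar  2 10:20 - 10:20  (00:00)
clay     tty1                          Tue Mar  2 10:31 - 10:31  (00:00)

btmp begins Tue Mar  2 10:15:01 1999
"""

def parse_lastb(text):
    """Yield (user, tty, host) per failed login; host is '' for local ttys."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("btmp begins"):
            continue  # blank line or the trailer line
        user, tty, third = fields[:3]
        # With no remote host, the third column is already the weekday.
        yield user, tty, "" if third in WEEKDAYS else third

def summarize(text, known_users):
    """Count failures per (user, host), masking names that are not accounts."""
    counts = collections.Counter()
    for user, _tty, host in parse_lastb(text):
        # A name that is not a real account may be a password typed at the
        # login prompt, so it is never copied into the report.
        shown = user if user in known_users else "<not-an-account>"
        counts[(shown, host or "local")] += 1
    return counts

def report(counts, threshold=1):
    """Return one line per (user, host) pair with at least `threshold` failures."""
    return [f"{n} failed login(s) for {u} from {h}"
            for (u, h), n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    # Needs root, since /var/log/btmp is readable only by root.
    # -w asks lastb for full (untruncated) user names.
    out = subprocess.run(["lastb", "-w"], capture_output=True, text=True).stdout
    accounts = {p.pw_name for p in pwd.getpwall()}
    print("\n".join(report(summarize(out, accounts))))
```

Run from root's crontab, cron mails whatever the script prints, which gives the notification without the report ever containing a possible password.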