From: Asiye Yigit (Asiye.Yigit_at_gantek.com)
Date: Wed, 07 Jul 2004 09:14:04 +0300 To: firstname.lastname@example.org
You can record failed login attempts can be recorded in the file
/var/adm/loginlog. By default, the loginlog file does not exist.
To enable logging, you must create this file with read and write permissions
for root only.
All failed login activity is written to this file automatically after five
failed attempts. However, If there are fewer than five failed attempts,
no activity is logged to this file.
Use the last command to display a record of all logins and logouts
with the most recet activity at the top of the output. It looks in the
/var/adm/wtmpx file, which records all logins and logouts.
For security reasons, you must monitor who has been using the su command,
especially those user's who are trying to gain root access on the
system. You can set
thisusing the /etc/default/su file.
The SULOG variable specifies the name of the file in which all su
switch to another user are logged. If undefined, su logging is turned off.
The entries in this file include the date and time the command was
it was successful (shown by the + symbol for success or the - symbol for
failure), the device
from which the command was issued, and finally the name of the user and
the switched identity.
sunmanagers mailing list