How to check bad wrong login attempts in HPUX

To check bad / wrong login attempts done on HPUX server.
Howto :
HPUX server logs all wrong logins information in /var/adm/btmps file. This file is data file hence commands like cat, more wont work for this file. To read data within this file use below command
This will convert data in btmps file in human readable format (binary to ASCII). Later you can cat or more output file and investigate bad logins.
Important fields here are :
  1. ID which tried to log in
  2. Terminal from which attempt was made
  3. Date time stamp when attempt was made
  4. IP from which attempt came to server (last field)
  5. System epoch time (7th column)
If you are looking for easy way out and do not wish to dig more into data values, you can use btmp as well. This gives out pretty short and formatted output which is useful for quick look on login attempts.
In above output you can see btmp file is being read by command and username, terminal and timestamp is being extracted to output.
SHARE

sangeethakumar

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment