[Sunhelp] logging logins on Solaris 7

Flynn, Harold M. III Flynnh at mont.disa.mil
Mon Jan 10 16:48:24 CST 2000 

I myself like making use of bsmconv (man bsmconv) and auditd (man -s 1M
auditd and man -s 4 audit_control.  These are GREAT for not only
logins/outs, but playing big brother as well.  I reccommend it to everybody
that's concerned with system security.

Hal

Hal Flynn, ICS Inc.        Senior Systems Analyst
Defense   Information   Systems   Agency
flynnh at mont.disa.mil    Commercial:  334-416-3233
DSN:  596-3233


> -----Original Message-----
> From:	Chian-Shan I [SMTP:alani at mit.edu]
> Sent:	Monday, January 10, 2000 3:00 PM
> To:	sunhelp at sunhelp.org
> Cc:	blang at mit.edu; finney at mit.edu
> Subject:	Re: [Sunhelp] logging logins on Solaris 7
> 
> At 02:06 PM 1/10/00 -0500, you wrote:
> >Hi there.
> >
> >	I'm trying to figure out how to keep logs of _successful_ logins
> >under Solaris 7.  Irix/Linux/SunOS all generate nice syslog() messages on
> >successful login, e.g. from Irix 6.5.5:
> >
> >Jan 10 13:47:43 host.local.domain login[13183]: user at remote as localuser
> >
> >on Irix.  But the most I've managed to get out of Solaris 7 is this:
> >
> >Jan 10 14:03:18 host.local.domain login: pam_authenticate: error
> >Authentication failed
> >
> >... and this is only for unsuccesful logins.  It doesn't give username,
> >remote host, why the authentication failed, or anything.  Is there any
> way
> >to get more useful information from PAM under Solaris?
> 
> First you can use logins command to display user's login status. (man
> logins; eg. logins w/ or w/o -s, -t, -u....).
> Check /var/adm/loginlog; /var/adm/sulog; /var/adm/pamlog.
> You can display five levels of PAM error reporting by adding entries to
> the
> /etc/syslog file.
> Rgds, 
> Alan I
> 
> 
> >-------------------------------------------------------------------------
> -
> >|   harpo at udel.edu lowe at cis.udel.edu lowe at debian.org lowe at asel.udel.edu
> |
> >|			http://www.cis.udel.edu/~lowe/		         |
> >|    PGP Public Key:  http://www.cis.udel.edu/~lowe/index.html#pgpkey
> |
> >-------------------------------------------------------------------------
> -
> >
> >
> >_______________________________________________
> >SunHELP maillist  -  SunHELP at sunhelp.org
> >http://www.sunhelp.org/mailman/listinfo/sunhelp
> >
> 
> _______________________________________________
> SunHELP maillist  -  SunHELP at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/sunhelp

More information about the SunHELP mailing list