You can log repeated login failures with the /var/adm/loginlog file. This file is not created by default, so you will have to create it. Most systems will allow 5 login retries before logging the event to this file. By the way, you can modify the max retries variable in the /etc/default/login file.
# cd /var/adm
# touch loginlog; chmod 700 loginlog; chown root:sys loginlog
# ls -l loginlog
-rwx------ 1 root sys 0 Nov 16 02:33 loginlog
Attempt to login
login: user1
Password:
Login incorrect
login: user1
Password:
Login incorrect
login: user1
Password:
Login incorrect
login: user1
Password:
Login incorrect
login: user1
Password:
Login incorrect
Connection to host lost.
###################
Now view the contents of the /var/adm/loginlog file.
# cd /var/adm
# more loginlog
user1:/dev/pts/2:Fri Nov 16 02:37:01 2007
user1:/dev/pts/2:Fri Nov 16 02:37:09 2007
user1:/dev/pts/2:Fri Nov 16 02:37:16 2007
user1:/dev/pts/2:Fri Nov 16 02:37:23 2007
user1:/dev/pts/2:Fri Nov 16 02:37:31 2007
No comments:
Post a Comment