Friday, October 7, 2016

How to check bad / wrong login attempts in HPUX

Requirement :

To check bad / wrong login attempts made on an HPUX server.

Howto :

An HPUX server logs all failed login information in the /var/adm/btmps file. This is a binary data file, so commands like cat or more won't work on it. To read the data in this file, use the command below:


# /usr/sbin/acct/fwtmp -X < /var/adm/btmps > /tmp/badlogins.log


This converts the data in the btmps file into a human-readable format (binary to ASCII). You can then cat or more the output file and investigate the bad logins.


# cat /tmp/badlogins.log
root          pts/ta       12127  0 0000 0000 1190171137 0 Sep 19 11:05:37 2007 0 10.105.100.89 10.105.100.89
root          pts/tb       13964  0 0000 0000 1190174185 0 Sep 19 11:56:25 2007 0 10.105.100.89 10.105.100.89


Important fields here are :

  1. ID which tried to log in
  2. Terminal from which attempt was made
  3. Date time stamp when attempt was made
  4. IP from which attempt came to server (last field)
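
To triage a long output file, the records can be grouped by login ID and source IP. The script below is an added example, not part of the original post; it assumes every record has the 15-field layout of the sample output above (login ID in field 1, epoch time in field 7, IP in the last field), and the function names and the 192.0.2.x records are constructed for illustration.

```shell
#!/bin/sh
# Summarise "fwtmp -X" output from /var/adm/btmps by login ID and source IP.
# Assumption: whitespace-separated records laid out like the sample above.

# count_badlogins: read converted records on stdin and print
# "<attempts> <login-id> <source-ip> <first-epoch> <last-epoch>",
# highest attempt count first.
count_badlogins() {
    awk 'NF >= 15 {
             k = $1 " " $NF; t = $7 + 0; n[k]++
             if (!(k in first) || t < first[k]) first[k] = t
             if (t > last[k]) last[k] = t
         }
         END { for (k in n) print n[k], k, first[k], last[k] }' |
        sort -k1,1nr -k2,3
}

# noisy_sources: print every source IP with at least $1 failed attempts,
# counted across all login IDs tried from that address.
noisy_sources() {
    awk -v min="$1" 'NF >= 15 { n[$NF]++ }
         END { for (ip in n) if (n[ip] >= min) print ip }' | sort
}

# Sample input: the first two records are the ones shown above,
# the remaining three are constructed for this example.
sample_records() {
cat <<'EOF'
root          pts/ta       12127  0 0000 0000 1190171137 0 Sep 19 11:05:37 2007 0 10.105.100.89 10.105.100.89
root          pts/tb       13964  0 0000 0000 1190174185 0 Sep 19 11:56:25 2007 0 10.105.100.89 10.105.100.89
root          pts/tc       14021  0 0000 0000 1190174201 0 Sep 19 11:56:41 2007 0 10.105.100.89 10.105.100.89
oracle        pts/td       14102  0 0000 0000 1190174300 0 Sep 19 11:58:20 2007 0 192.0.2.15 192.0.2.15
root          pts/te       14150  0 0000 0000 1190174360 0 Sep 19 11:59:20 2007 0 192.0.2.15 192.0.2.15
EOF
}

# On a real server, feed the converted file instead of the sample:
#   /usr/sbin/acct/fwtmp -X < /var/adm/btmps | count_badlogins
sample_records | count_badlogins
echo "Sources with 3 or more failed attempts:"
sample_records | noisy_sources 3
```

Records with fewer than 15 fields are skipped rather than miscounted, so compare the total of the counts against `wc -l` of the converted file to see whether any lines were left out.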