
Failedlogin file


ranjit

Just a quickie...can you redirect the /etc/security/failedlogin output elsewhere...if so how?

Thanks
 

hi ranjit

# who -u /etc/security/failedlogin > /tmp/xxxx



shoux
 
Sorry I meant change the default output file other than..
etc/security/failedlogin ?
 
The key word in that path is "security". The default output file can not easily be changed, although there are a few hackish approaches that would probably work (though you won't get them from me).

I'm having trouble thinking of a non-evil reason to do it at all. Are you wanting to rotate logs, perhaps? If so, the "fwtmp" command might be able to help you in that regard.

Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L

 
The "/" filesystem is typically 2 PP's in size and it doesn't take long for unsuccessful logins to increase the size of this file and fill "/".

Rather than increase the "/" filesystem size so as to accommodate this I'd prefer to direct this output to another filesystem with equally secure ownerships/permissions.

Is it possible to change the default location of this file from /etc/security?
 
You might be able to use links, but I wouldn't suggest it. There's no telling what side effects may occur.

You can use fwtmp to accomplish your goal.

Code:
# append current failedlogin to desired file

/usr/sbin/acct/fwtmp < /etc/security/failedlogin |\
/usr/sbin/acct/fwtmp -ic >> /path/to/preferred/secure/file

# zero failedlogin file

/usr/bin/cp /dev/null /etc/security/failedlogin

Note that this is a simple script, designed to show the key commands, and that it contains a race condition. If a failure is logged between the fwtmp line and the cp line, it would be lost with this script.

To largely mitigate the race condition, code this up:

1. copy failedlogin to a temp file in a secure location
2. if failedlogin and temp file are the same size, zero failedlogin, else repeat step 1.
3. append temp file to preferred file by piping fwtmp to fwtmp, as shown.

Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L
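
The three steps in the post above, written out as a shell function. This is an added example, not code from the thread: the function names, the retry limit and the temp-file naming are assumptions, and the fwtmp path is the one quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Usage, as root:
#   rotate_failedlogin /etc/security/failedlogin /path/to/preferred/secure/file
FWTMP=${FWTMP:-/usr/sbin/acct/fwtmp}   # path as given in the post
MAX_TRIES=5                            # assumed retry limit

# File size in bytes; tr strips the padding some wc implementations add.
size_of() { wc -c < "$1" | tr -d ' '; }

rotate_failedlogin() {
    src=$1; dest=$2
    tmp="$(dirname "$dest")/.failedlogin.$$"   # temp copy sits beside DEST
    old_umask=$(umask); umask 077              # owner-only temp and archive
    tries=0; rc=1
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        # Step 1: snapshot the live file into the secure location.
        cp "$src" "$tmp" || break
        # Step 2: zero the live file only if nothing was logged during the
        # copy. A small window remains between this check and the truncate.
        if [ "$(size_of "$src")" = "$(size_of "$tmp")" ]; then
            cp /dev/null "$src" || break
            # Step 3: round-trip the records through fwtmp and append.
            "$FWTMP" < "$tmp" | "$FWTMP" -ic >> "$dest" && rc=0
            break
        fi
    done
    umask "$old_umask"
    if [ "$rc" -eq 0 ]; then
        rm -f "$tmp"
    else
        # Keep the snapshot: after a failed append it is the only copy.
        echo "rotation failed; records (if any) kept in $tmp" >&2
    fi
    return "$rc"
}
```

If the append fails after the live file has been zeroed, the snapshot is left in place so the records can be appended by hand.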

 