From: Roberto Zini <fred@strhold.it>
Subject: Re: Recording unsuccessful login attemps
Date: Thu, 01 Feb 2001 09:01:47 +0100
References: <980942788.29892.0.nnrp-08.c2de22b3@news.demon.co.uk>
    <20010131072651.06972@tegan.com>

Tom Parsons wrote:
>
> Steve Porter enscribed:
> | I am running SCO Open Server (SCO_SV scoosv 3.2 5.0.5 i386)
> |
> | I am interested in logging failed login attempts
> |
> | I have tried touch /usr/adm/login as suggested for Ver 4.x to no avail.
>
> It is /usr/adm/loginlog.
>
> This feature is of some value but not much.  Failed logins are
> not recorded in loginlog until the number of failed attempts equals
> the maximum allowable which, by default, is 5.

I know this is off topic but UnixWare 7 has some useful features related
to this issue; as an example, in /etc/default/login you can specify:

          This keyword sets the number of consecutive failed login
          attempts that are permitted before a record is written to the
          log file (see loginlog(4)). The default is 5. See also the
          descriptions of LOCKONLOGFAIL and MAILONLOGFAIL.

          When set to YES, lock an account when the number of consecutive
          failed login attempts reaches the limit set by LOGFAILURES. The
          default value is NO which prevents the account being locked for
          this reason.

          If LOCKONLOGFAIL is set to YES, this keyword defines the mail
          address(es) of the user(s) who should be notified when an
          account is locked because of too many failed login attempts.
          Multiple mail addresses should be specified as a
          comma-separated list. If undefined or set to null, mail is sent
          to root by default. If LOCKONLOGFAIL is set to NO, no mail is

Just to give this much slaughtered OS a point :-)
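
Added example, not part of the original message and not vendor code: a small audit script that reads the three keywords quoted above (LOGFAILURES, LOCKONLOGFAIL, MAILONLOGFAIL) and reports the resulting failed-login policy, applying the defaults the excerpt states. The function names and the sample file are hypothetical, and the KEYWORD=value file syntax with "#" comments is an assumption.

```sh
#!/bin/sh
# Added example: report the failed-login policy set in /etc/default/login.
# Assumption: the file holds KEYWORD=value lines with "#" comments.
# Defaults are the ones quoted in the message above.

# get_kw FILE KEYWORD DEFAULT: last uncommented value, else DEFAULT
get_kw() {
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -1 |
          tr -d '"' | sed 's/[[:space:]]*$//')
    echo "${val:-$3}"
}

# audit_login_defaults [FILE]: prints findings; returns 1 if any WARN
audit_login_defaults() {
    f=${1:-/etc/default/login}
    [ -r "$f" ] || { echo "ERROR cannot read $f"; return 2; }
    failures=$(get_kw "$f" LOGFAILURES 5)
    lock=$(get_kw "$f" LOCKONLOGFAIL NO)
    mail=$(get_kw "$f" MAILONLOGFAIL "")
    rc=0
    case $failures in
        *[!0-9]*) echo "WARN LOGFAILURES=$failures is not a number"; rc=1 ;;
        *) echo "INFO loginlog record after $failures consecutive failures" ;;
    esac
    if [ "$lock" = YES ]; then
        echo "INFO account locked after $failures consecutive failures"
        echo "INFO lock notification mailed to ${mail:-root}"
    else
        echo "WARN LOCKONLOGFAIL=$lock: failed logins never lock the account"
        rc=1
        if [ -n "$mail" ]; then
            echo "WARN MAILONLOGFAIL=$mail is unused while locking is off"
        fi
    fi
    return $rc
}

# Constructed sample, not taken from a real system
sample=$(mktemp)
cat > "$sample" <<'EOF'
#LOGFAILURES=5
LOGFAILURES=3
LOCKONLOGFAIL=NO
MAILONLOGFAIL=secadmin,root
EOF
audit_login_defaults "$sample" || true
rm -f "$sample"
```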

