Bugtraq mailing list archives
bug in Solaris 2.6 security logging
From: rmilner () NRAO EDU (Ruth Milner [VLA])
Date: Mon, 12 Jan 1998 09:38:24 -0500
A heads-up for anyone monitoring login failures under Solaris: Under Solaris 2.x, login failure information is not all logged in one place. The tty and remote source host, if any, are written to /var/adm/messages, while the account name that was attempted, along with the tty but *not* the source host, is logged in /var/adm/loginlog *if it exists*. /var/adm/loginlog is not created by default when the OS is installed; it has to be touched and should be mode 600. Solaris 2.6 does not write anything in /var/adm/loginlog even if it does exist. This has been assigned bug ID 4096961. I also spoke to Sun about the fact that from the standpoint of monitoring security at a large site, complete information needs to be in one file; it is difficult to automate cross-referencing of multiple files, especially when /var/adm/messages summarizes repeated failures while /var/adm/loginlog does not. This has been assigned bug ID 4101839. ---- Ruth Milner NRAO Socorro NM Manager of Computing Systems rmilner () aoc nrao edu
Current thread:
- Addendum to FrontPage password issue hostmaster (Jan 09)
- Re: Addendum to FrontPage password issue Kosmas Skiadopoulos (Jan 11)
- perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- Again: perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- bug in Solaris 2.6 security logging Ruth Milner [VLA] (Jan 12)
- Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
- [SIGNED] Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
- KSR[T] Advisory #6: deliver KSR[T] (Jan 12)
- Re: KSR[T] Advisory #6: deliver Chip Salzenberg (Jan 12)
- hole in sudo for MP-RAS. osiris () COURIER CB LUCENT COM (Jan 12)
- Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 13)