This procedure captures in a syslog file all failed login attempts.
1. Set up the /etc/default/login file with the desired values for SYSLOG and SYSLOG_FAILED_LOGINS
Edit the /etc/default/login file to change the entry. Make sure that SYSLOG=YES is uncommented.
2. Create a file with the correct permissions to hold the logging information.
Create the authlog file in the /var/adm directory.
3. Edit the syslog.conf file to log failed password attempts.
Send the failures to the authlog file.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit