login failures

Aitor San Juan asanjuan at bolsabilbao.es
Tue May 29 08:36:46 UTC 2007 

Hi List,

Our FreeBSD system has been recently reporting login failures, such as:

May 23 16:44:23 lpool login: 2 LOGIN FAILURES FROM host_name_1
May 23 16:44:23 lpool login: 2 LOGIN FAILURES FROM host_name_1, logon_user_used_1
May 26 15:07:27 lpool login: 1 LOGIN FAILURE ON ttyv1
May 26 15:07:27 lpool login: 1 LOGIN FAILURE ON ttyv1, root
May 26 15:07:34 lpool login: 1 LOGIN FAILURE ON ttyv1
May 26 15:07:34 lpool login: 1 LOGIN FAILURE ON ttyv1, logon_name_used_2
May 26 15:21:50 lpool login: 1 LOGIN FAILURE ON ttyv0
May 26 15:21:50 lpool login: 1 LOGIN FAILURE ON ttyv0, ^[[B^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[A^[[


I wonder where in the system, in more detail, this is registered. Can I assure
that those TTYs refer to logon attemps from the physical console? Is there
anyway to track down more information. In addition to this, how could we enable
system activity logging?

Any hint would be highly appreciated. Please, point me to any good documentation
on FreeBSD security (concepts and planning guide).

Thanks in advance.

Aitor.


************ LEGEZKO OHARRA / AVISO LEGAL / LEGAL ADVICE ************* 
Mezu honek isilpeko informazioa gorde dezake, edo jabea duena, edota legez babestuta dagoena. Zuri zuzendua ez bada, bidali duenari esan eta ezabatu, inori berbidali edo gorde gabe, legeak debekatzen duelako mezuak erabiltzea baimenik gabe. 
--------------------------------------------------------------------------
Este mensaje puede contener información confidencial, en propiedad o legalmente protegida. Si usted no es el destinatario, le rogamos lo comunique al remitente y proceda a borrarlo, sin reenviarlo ni conservarlo, ya que su uso no autorizado está prohibido legalmente.
--------------------------------------------------------------------------
This message may contain confidential, proprietary or legally privileged information. If you are not the intended recipient of this message, please notify it to the sender and delete without resending or backing it, as it is legally prohibited.
**************************************************************************

More information about the freebsd-questions mailing list