Re: Possible Hacking routine

Gregory McLean (gregm@randomc.com)
Fri, 11 Jul 1997 17:47:49 -0400 (EDT)

> On Fri, 11 Jul 1997 thoth@purplefrog.com wrote:
>
> > Robert Hiltibidal <rob@rob.fgi.net> ,in message <Pine.LNX.3.96.970711053124.303
> > 3B-100000@rob.fgi.net>, wrote:
>
> > > coaxed into logging failed attempts? Basically what we want is to log the
> > > failed attempt, the username and ip the attempt came from and to really
> > > give us that warm fuzzy feeling we'd like to log the username and
> > > passwords used.

hmm... I'm just a touch confused by all this...
When someone logs into one of our portmasters, on the loghost one of the
following appears (depending on the account):
Jul 11 17:34:41 <portmaster name> user: host <host name of where they came
from> admin login succeeded
Jul 11 17:55:07 <portmaster> user: host <host> <userid> login failed
Jul 11 17:55:13 <portmaster> user: host <host> <userid> login succeeded

Now of course you have to be running ComOS 3.5 or better (pretty sure 3.5
added this), have the loghost set in the portmasters _and_ set the
portmasters to do it..

'set syslog' is the command.

Maybe I'm missing the whole point here but thats loging the info the
orginal person asked for. (except for passwords and I'd scream loud and
hard if it did that)

and if your the real paranoid type you can log the commands that are
executed on the boxes also. Yep gotta love them manuals.

> >
<SNIP>
> >
> ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
> Jake Messinger 713-772-6690 jake@ams.com
> Advanced Medical Systems, Inc. jake@uh.edu
> 8300 Bissonnet #400
> Houston, Texas 77074 http://www.ams.com/~jake
> ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
> 

-- 
   // | Gregory A McLean.   | gregm@randomc.com
  //  | Systems Engineer    | +01 770 804-1190 (voice) +01 770 804-4546 (fax)
\X/   | Random Access INC.  | http://www.randomc.com/ 
----------========**This is _ALL_ MY opinion, ALL MINE! HA!*=======------------