Path: utzoo!mnetor!uunet!seismo!esosun!ucsdhub!jack!portnoy!ag From: ag@portnoy.UUCP (Keith Gabryelski) Newsgroups: comp.unix.xenix Subject: Re: Xenix dialin security Message-ID: <142@portnoy.UUCP> Date: 6 May 88 21:52:24 GMT References: <5153@cup.portal.com> Reply-To: ag@portnoy.UUCP (Keith Gabryelski) Organization: Elgar Corporation, San Diego, CA Lines: 49 ! Email bounced ! In article <5153@cup.portal.com> compata@cup.portal.com writes: >Under VMS, I am able to set an alarm which will log all login attempts >via a dial-in port. (I can also set many other types of alarms.) The >alarm does not depend upon the caller being successful at logging-in; >repeated bad attempts are also useful information. I would like to >enable a similar facility for Xenix 386 2.2. Does anyone know how this >can be done, or if it can be done? Sco Xenix does not support any type of login `log'. The clean way would be to hack /etc/login to log all login attemps. This would take time and money. An optional way (read "It works, but only sorta") would be to add code to the /etc/cshrc and /etc/profile to log every time they are invoked. /etc/cshrc is sourced every time a login csh is invoked. Likewise, /etc/profile is sourced every time a login sh is invoked. Sample code: who am i >> /etc/login.log (oh, yes... /etc/login.log should be world writeable) This code will work for /etc/profile and /etc/cshrc. Disadvantages: o Not all login attemps are recorded. Only successful logins are recorded. o Only csh and sh logins are record. Users with other login shells that do not source one of the above files will not show up in the log. vsh (the visual shell) and uucp transfer logins (/usr/lib/uucico/uucico) will not be logged. o Since (in the above example) the log file must be world writeable, it could be deleted if a user knew about it and wanted to hide his login. This could be taken care of by running a suid program executed from /etc/profile or /etc/cshrc. Hope this helps. pax, Keith -- [ Keith ] UUCP: {ucsd, cbosgd!crash, sdcsvax!crash, nosc!crash}!portnoy!ag [Gabryelski] INET: ag@portnoy.cts.com ARPA: portnoy!ag@ucsd.arpa