Path: utzoo!mnetor!uunet!steinmetz!davidsen From: davidsen@steinmetz.ge.com (William E. Davidsen Jr) Newsgroups: comp.unix.xenix Subject: Re: Xenix dialin security Message-ID: <10784@steinmetz.ge.com> Date: 10 May 88 20:17:39 GMT References: <5153@cup.portal.com> Reply-To: davidsen@crdos1.UUCP (bill davidsen) Organization: General Electric CRD, Schenectady, NY Lines: 19 Since you want good and bad logins, I think the easy way is to replace the login program itself. Here's what I would do: rename login to something like real.login create a small C program open log file log date/time exec real.login If you run accounting you can see just the failed attempts by looking for jobs named login. When login works there's an exec and the process name changes. You can write your own login fairly easily, using the system call to getpass, then convert it by (I can't remember) and check it. -- bill davidsen (wedu@ge-crd.arpa) {uunet | philabs | seismo}!steinmetz!crdos1!davidsen "Stupidity, like virtue, is its own reward" -me