Bugtraq: bug in Solaris 2.6 security logging

From: Ruth Milner [VLA] <rmilner_at_NRAO.EDU>
Date: Mon, 12 Jan 1998 09:38:24 -0500

A heads-up for anyone monitoring login failures under Solaris:

Under Solaris 2.x, login failure information is not all logged
in one place. The tty and remote source host, if any, are written
to /var/adm/messages, while the account name that was attempted,
along with the tty but *not* the source host, is logged in
/var/adm/loginlog *if it exists*. /var/adm/loginlog is not created
by default when the OS is installed; it has to be touched and
should be mode 600.

Solaris 2.6 does not write anything in /var/adm/loginlog even if
it does exist. This has been assigned bug ID 4096961.

I also spoke to Sun about the fact that from the standpoint of
monitoring security at a large site, complete information needs to
be in one file; it is difficult to automate cross-referencing of
multiple files, especially when /var/adm/messages summarizes
repeated failures while /var/adm/loginlog does not. This has been
assigned bug ID 4101839.

----
Ruth Milner                            NRAO                  Socorro NM
Manager of Computing Systems    rmilner_at_aoc.nrao.edu
Received on Jan 12 1998
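
The cross-referencing that the message above describes as hard to automate, sketched as an added example (not part of the original post or any Sun tooling): it joins the two files on tty and a time window. The line formats, sample lines, host names and the two-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed samples. Assumed formats: loginlog is "name:tty:time"; the
# messages entry is the syslog summary line that login writes.
LOGINLOG = """\
root:/dev/pts/3:Mon Jan 12 09:30:02 1998
root:/dev/pts/3:Mon Jan 12 09:30:09 1998
guest:/dev/pts/7:Mon Jan 12 11:02:40 1998
"""
MESSAGES = """\
Jan 12 09:30:31 sunbox login: REPEATED LOGIN FAILURES ON /dev/pts/3 FROM host-a.example.org
Jan 12 10:15:00 sunbox sendmail[212]: unrelated constructed line
"""
MSG_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ login: "
                    r"REPEATED LOGIN FAILURES ON (\S+)(?: FROM (\S+))?")

def parse_loginlog(text):
    """Return (time, tty, account) for each well-formed loginlog line."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the time field has colons too
        if len(parts) != 3:
            continue
        try:
            when = datetime.strptime(parts[2], "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue
        out.append((when, parts[1], parts[0]))
    return out

def parse_messages(text, year):
    """Return (time, tty, host); syslog omits the year, so the caller supplies it."""
    out = []
    for line in text.splitlines():
        m = MSG_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((when, m.group(2), m.group(3)))  # host is None if local
    return out

def correlate(loginlog, messages, year, window=timedelta(minutes=2)):
    """Attach attempted account names to each source host; list unmatched attempts."""
    attempts, used, report = parse_loginlog(loginlog), set(), []
    for when, tty, host in parse_messages(messages, year):
        hits = [i for i, (t, a_tty, _) in enumerate(attempts)
                if a_tty == tty and abs(when - t) <= window]
        used.update(hits)
        report.append({"host": host, "tty": tty, "accounts": [attempts[i][2] for i in hits]})
    return report, [a for i, a in enumerate(attempts) if i not in used]
```

Because /var/adm/messages summarizes repeated failures, one summary line can match several loginlog lines; attempts returned in the second list have an account name but no recoverable source host.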