SCSA10-1 Objective 4.2 - Monitor Solaris system access using appropriate commands

Monitor system access by using appropriate commands.

System access can be monitored with several commands. The simplest is who, which lists the currently logged-in users. The variant command w provides the information contained in who plus the command each user is running.

Previous logins to the system are accessible with the last command. This command can be used with a username or terminal id to list past logins by that user or on that terminal. The last command uses the /var/adm/wtmpx file for previous login information.

Failed login attempts can be monitored by creating a file:

touch /var/adm/loginlog

All subsequent failed login attempts will be logged to this file. A more elaborate technique for using syslog to monitor failed logins is described in Sun’s documentation pages.
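Once /var/adm/loginlog is collecting entries, it helps to summarise them per account. The script below is an added example, not part of the original notes: the function names and the sample lines are constructed, and it assumes each record has the layout user:terminal:timestamp.

```shell
#!/bin/sh
# Added example: summarise failed logins recorded in /var/adm/loginlog.
# Assumed record layout: user:tty:timestamp (the timestamp contains colons).
# Sun's setup procedure also restricts the file: chmod 600, chgrp sys.
# On Solaris set AWK=nawk (or /usr/xpg4/bin/awk); the old /usr/bin/awk
# lacks -v and sub().
AWK=${AWK:-awk}

# Constructed sample records, used only to exercise the summary offline.
sample_loginlog() {
    cat <<'EOF'
jdoe:/dev/pts/2:Fri Nov 14 10:21:10 2008
jdoe:/dev/pts/2:Fri Nov 14 10:21:21 2008
jdoe:/dev/pts/3:Fri Nov 14 10:21:30 2008
root:/dev/console:Fri Nov 14 11:02:05 2008
EOF
}

# failed_login_summary FILE [THRESHOLD]
# Prints "user count tty[,tty...] last-timestamp" for every account with at
# least THRESHOLD (default 3) recorded failures, busiest account first.
failed_login_summary() {
    file=$1
    threshold=${2:-3}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    "$AWK" -F: -v t="$threshold" '
        NF >= 3 && $1 != "" {
            count[$1]++
            # collect each distinct terminal once per user
            if (!seen[$1, $2]++)
                ttys[$1] = (ttys[$1] == "" ? $2 : ttys[$1] "," $2)
            # timestamp is everything after the second colon
            ts = $0
            sub(/^[^:]*:[^:]*:/, "", ts)
            last[$1] = ts
        }
        END {
            for (u in count)
                if (count[u] >= t)
                    printf "%s %d %s %s\n", u, count[u], ttys[u], last[u]
        }' "$file" | sort -k2,2nr -k1,1
}

# Typical use as root on the monitored host:
#   failed_login_summary /var/adm/loginlog 3
```

Failures spread across several terminals for one account in a short window are worth comparing against the last output for that user.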
