Subject: Re: interface to utmp file.
To: NetBSD Userlevel Technical Discussion List <tech-userlevel@NetBSD.ORG>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 05/20/1999 16:45:02
[ On Thursday, May 20, 1999 at 18:31:34 (+0000), Andy Doran wrote: ]
> Subject: Re: interface to utmp file.
> Out of interest, does the spec define failed logins as loggable in some
Nope. As I recall most compliant or nearly compliant systems simply log
failed logins (attempted via login(8)) to /var/adm/loginlog if it exists. ;-)
In theory though an entry with type LOGIN_PROCESS followed by an entry
for the same "ut_line" with type DEAD_PROCESS, and no intervening entry
for the same "ut_line" with type USER_PROCESS, would indicate that a
failed login had been attempted on the given "ut_line". At least I
think that's the way the process goes... the spec. is rather vague on
On SunOS-5 I find that LOGIN_PROCESS entries are not written by anything
but init(8) [or is it getty(8)?], so you can't detect failed logins
attempted via telnet, for example.
Greg A. Woods
+1 416 218-0098 VE3TCP <email@example.com> <robohack!woods>
Planix, Inc. <firstname.lastname@example.org>; Secrets of the Weird <email@example.com>