To turn on the mechanism that logs unsuccessful attempts to access the system, the administrator must create the file /var/adm/loginlog. If this file exists and five consecutive unsuccessful login attempts occur (to change this number, see "Setting login restrictions on accounts"), all of them are logged in loginlog, and login then sleeps for 20 seconds before dropping the line. If a person makes fewer than five unsuccessful attempts, none of them are logged.
If loginlog does not exist, five (by default) failed login attempts will still cause the system to sleep for 20 seconds and drop the line, but nothing will be logged.
By default, this text file does not exist and logging is off. To enable logging, create the log file with read and write permission for root only.
To enable login logging, perform the following:
The system responds with a shell prompt.
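The commands for this procedure do not appear on this page. As an added example (not taken from the original documentation), the following shell functions create the log file with read and write permission for root only and then verify the result; the function names and the optional path argument are assumptions made here so the check can be tried on a scratch path first.

```shell
# Added example: create the failed-login log with root-only read/write access.
# LOGINLOG defaults to the path named on this page; pass another path for a dry run.
LOGINLOG="${LOGINLOG:-/var/adm/loginlog}"

enable_loginlog() {   # hypothetical helper name
    log="${1:-$LOGINLOG}"
    # Refuse to write through a symbolic link planted at the log path.
    if [ -L "$log" ]; then
        echo "refusing: $log is a symbolic link" >&2
        return 1
    fi
    # Restrictive umask in a subshell, so the file is never created world-readable.
    # ':' with '>>' creates the file if missing and keeps existing entries.
    ( umask 077 && : >> "$log" ) || return 1
    chmod 600 "$log" || return 1
    # Only root can change ownership; skip this in an unprivileged dry run.
    if [ "$(id -u)" -eq 0 ]; then
        chown root "$log" || return 1
    fi
}

check_loginlog() {    # hypothetical helper name
    log="${1:-$LOGINLOG}"
    if [ ! -f "$log" ] || [ -L "$log" ]; then
        echo "missing or not a regular file: $log" >&2
        return 1
    fi
    # ls -n prints numeric ids: field 1 is the mode string, field 3 the owner uid.
    mode=$(ls -ldn "$log" | awk '{print $1}')
    uid=$(ls -ldn "$log" | awk '{print $3}')
    case "$mode" in
        -rw-------*) ;;   # a trailing '.' or '+' only marks extended attributes
        *) echo "bad mode $mode on $log" >&2; return 1 ;;
    esac
    # The ownership check is meaningful only when the file was set up as root.
    if [ "$(id -u)" -eq 0 ] && [ "$uid" != "0" ]; then
        echo "bad owner uid $uid on $log" >&2
        return 1
    fi
}
```

Run `enable_loginlog` as root with no argument to act on /var/adm/loginlog, then `check_loginlog` periodically to confirm that the mode and owner have not drifted.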
It is important to check and clear the contents of the loginlog file occasionally, because this file may grow quickly. A large number of lines written to this file in a short amount of time may suggest an attempt to break into the system. For more information about this file, see loginlog(4).