Re: Login Attempts are cumulative on 'su-only' accounts

From: Harvey, Bruce T. (BTHarvey@LMUS.LEGGMASON.COM)
Date: Fri Oct 10 2003 - 08:38:29 EDT


The problem with that is that failed attempts ARE incrementing the count ...
and it appears that the unsuccessful login count will increment when someone
attempts from a login prompt, even if that username is NOT permitted to log
in. So, the only solution I have is to set the value to zero for disabling.
Not a great loss, but it is an interest to be aware of someone trying to
crack things internally.

Bruce T. Harvey
Legg Mason Wood Walker, Inc.
Corporate Technology - Tech. Svcs.
Red Run 2nd Floor - Owings Mills, MD
(410) 580-7383 - BTHarvey@LeggMason.com
-------------------------------------------------------

-----Original Message-----
From: Green, Simon [mailto:Simon.Green@EU.ALTRIA.COM]
Sent: Friday, October 10, 2003 4:11 AM
To: aix-l@Princeton.EDU
Subject: Re: Login Attempts are cumulative on 'su-only' accounts

As far as I know this is not a bug; it's just the way it's always worked.
("Failing as designed.") An su is not the same as a login; no-one has
logged in, so the unsuccessful login count is not reset.

One way is to beat up the people who are trying to log in, and failing:
disable the ID from logins, if that's not actually required.

If you want to reset it, you can use the chsec command:
chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s UserId

Simon Green
Altria ITSC Europe Ltd

AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/

N.B. Unsolicited email from vendors will not be appreciated.

> -----Original Message-----
> From: Harvey, Bruce T. [mailto:BTHarvey@LMUS.LEGGMASON.COM]
> Sent: 09 October 2003 20:38
> To: aix-l@Princeton.EDU
> Subject: Login Attempts are cumulative on 'su-only' accounts
>
>
> We've noticed in our systems where a username is an 'su-only' username
> (for logging and auditing purposes so that we can track "who" became this
> user to effect a change), that the count for unsuccessful login attempts
> is cumulative and not being reset with every successful attempt, as it is
> on our systems that are _not_ su-only accounts (where users tend to log in
> directly rather than be bothered by 'su-ing').
>
> Besides setting the lockout number down to 0 so it never goes off, does
> anyone have an answer on how to reset it on the su-only accounts? Or is
> this a bug fixed in a later release? We're seeing it in our 4.3.3 ML06
> systems, and we don't see it that often, but we've just noticed the
> pattern, and we don't know whether to be concerned for our 5.1 and 5.2
> systems (I'll be doing some checking while sending this out to you folks).
> Anyone else run into this?
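
The thread above leaves the administrator with two manual steps: look at the
unsuccessful_login_count values in /etc/security/lastlog to see which su-only
accounts are collecting failed attempts (the "someone trying to crack things
internally" signal Bruce wants to keep), and then run Simon's chsec command to
reset the counter once the attempts have been reviewed. The script below is an
added example, not code from the list or from AIX itself. It assumes the
stanza layout AIX uses for /etc/security/lastlog (a "user:" line followed by
indented "attribute = value" lines); the sample file it writes, the account
names in it and the host name ws17.example.invalid are constructed for offline
use. It prints the reset commands rather than running them, so the report can
be checked before any counter is cleared.

```shell
#!/bin/sh
# Added example: report su-only (or any) accounts whose unsuccessful_login_count
# in an AIX-style /etc/security/lastlog stanza file has reached a threshold, and
# print the chsec command that would reset each one. Nothing here runs chsec.

# Path of the sample file; constructed for this example, not a real AIX path.
LASTLOG_FILE="${LASTLOG_FILE:-${TMPDIR:-/tmp}/lastlog.sample}"

# Write a constructed sample in the stanza layout used by /etc/security/lastlog.
write_sample_lastlog() {
    cat > "$1" <<'EOF'
root:
        time_last_login = 1065700000
        tty_last_login = /dev/pts/0
        unsuccessful_login_count = 0

appadm:
        time_last_login = 0
        unsuccessful_login_count = 7
        time_last_unsuccessful_login = 1065750000
        host_last_unsuccessful_login = ws17.example.invalid

oracle:
        time_last_login = 0
        unsuccessful_login_count = 2
EOF
}

# Print "user count" for every stanza whose unsuccessful_login_count is at
# least the threshold (default 5). The stanza header is an unindented
# "name:" line; attribute lines are indented, so awk's $1 is the attribute.
flagged_accounts() {
    file="$1"; threshold="${2:-5}"
    awk -v thr="$threshold" '
        /^[^ \t].*:[ \t]*$/ { user = $1; sub(/:$/, "", user); next }
        $1 == "unsuccessful_login_count" && $2 == "=" {
            if ($3 + 0 >= thr) print user, $3
        }' "$file"
}

# Emit the reset command from the thread, one line per flagged account.
# Printed only, so an administrator reviews the list before clearing anything.
reset_commands() {
    flagged_accounts "$1" "$2" | while read -r user count; do
        echo "chsec -f /etc/security/lastlog -a \"unsuccessful_login_count=0\" -s $user"
    done
}

write_sample_lastlog "$LASTLOG_FILE"
echo "accounts at or above threshold 5:"
flagged_accounts "$LASTLOG_FILE" 5
echo "reset commands to review:"
reset_commands "$LASTLOG_FILE" 5
```

Pointing LASTLOG_FILE at a copy of a real /etc/security/lastlog (and dropping
the write_sample_lastlog call) turns this into a periodic check; the threshold
can be set to the loginretries value in /etc/security/user so that accounts are
flagged just before they would lock.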

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:16 EDT