LISTSERV - HP3000-L Archives

HP3000-L Archives

March 1997, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L March 1997, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security / User Logging
From:	Michael Hopper <[log in to unmask]>
Reply To:	Michael Hopper <[log in to unmask]>
Date:	Thu, 20 Mar 1997 15:13:17 GMT
Content-Type:	text/plain
Parts/Attachments:	text/plain (68 lines)

I apologize in advance for keeping all of the 'reply-to' text in the reply,
but it needs to be there.
You might want to read the marked text first to get a handle on what I'm
talking about and come back up here.

Although, reading the logging files, probably would give me what I need, I
still have to wade through them everyday.
Let me try to explain what I'm looking for a bit better.

My security set up on these dedicated lines, (read the other bits below) is
about as basic as it gets, but it is enough to deter the type of users we
have.  The UDC attached to the group, checks the user sign-in against a table.
 If the sign-in doesn't match what the table shows as valid for that
line/port, it immediately aborts that session and lets them know it.  It also
echoes a message to the console, but since we are such a small company, we
don't monitor the console every minute, so a message like this normally
scrolls away LONG after it's displayed.

I know the variables I need: !HPUSER, !HPDATE, and !HPTIME.  When an invalid
user tries to sign-in on any of the ports in question, it would be easier to
track if these variables were written to a separate file before the session is
aborted.

My question <whew>: Can this process be made part of the UDC?

M.Hopper
[log in to unmask]

------------------------------------------------------------------------

In article <[log in to unmask]>,
   [log in to unmask] (Mike Paivinen) wrote:
>Michael Hopper ([log in to unmask]) wrote:
>: Without installing any new software, I need to be able to monitor
>: a particular LDEV and log information about it.
>: I already have a system in place that prevents unauthorized users
>: from accessing the system through particular LDEVs.  (These devs
>: corespond with satellite terminals that are in place at various
>: points throughout our metro area, and access the system using 56k
>: digital lines.)  But what I need now is a way to log the times
>: when someone tries to access the system through any of these lines
>: using an invalid sign-in.  Specifically, I need the date and time as well
as
>: the user name that was attempted, to be written to a file.
>
>DISCLAIMER:  I'm away from my desk at the moment and can't fully confirm this
>            answer.
>
>The LOGON system logging record, record 102(?), should provide all the
>information you want.  It records failed logon attempts as well as successful
>logon attemps.  I'm not sure whether the log record gives you the invalid
>user/account name attempted by the user.  [My memory says it does.]
>Also, all invalid logon attempts are written to the console.  So, you
>can get the same information from the console log records, 115.  The
advantage
>of the logon records is that you can search them by LDEV number.
>
>Mike P.
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>Mike Paivinen
>[log in to unmask]
>
>Hewlett-Packard
>CSY - Mailstop 47UA
>19447 Pruneridge Avenue
>Cupertino, CA   95014

ATOM RSS1 RSS2

RAVEN.UTC.EDU