home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.unix.ultrix
- Path: sparky!uunet!haven.umd.edu!darwin.sura.net!mips!decwrl!pa.dec.com!decuac!hussar.dco.dec.com!mjr
- From: mjr@hussar.dco.dec.com (Marcus J. Ranum)
- Subject: Re: There have been 243 unsuccessful login attempts on your account
- Message-ID: <1992Aug21.022703.11356@decuac.dec.com>
- Sender: news@decuac.dec.com (USENET News System)
- Nntp-Posting-Host: hussar.dco.dec.com
- Organization: Digital Equipment Corporation, Washington ULTRIX Resource Center
- References: <1992Aug10.045511.27362@usage.csd.unsw.OZ.AU> <ROUILJ.92Aug20161834@dl5000.bc.edu>
- Date: Fri, 21 Aug 1992 02:27:03 GMT
- Lines: 28
-
- rouilj@dl5000.bc.edu (John P. Rouillard) writes:
-
- >If you are running LAT or DECnet, then I think you are SOL. I haven't
- >found any way of making those things cough up info about every connect
- >8-(. This is a large portion of the reason I want to get rid of them
- >from the machines I administer 8-).
-
- It's actually pretty easy to get who is coming in over DECnet,
- but writing a weenie little tool that does a getenv("REMHOST") and
- getenv("USERNAME") prints the values, and then turns around and execs
- dlogind. Use ncp to define that program in the executor or whatever
- it's called and replace dlogind with it. Should do the trick. LAT comes
- in through a tty line, but there's a magic way of grabbing the terminal
- server name using:
-
- struct ltattyi ltattyi;
- ioctl(0, LIOCTTYI, <attyi);
-
- and the value of:
- ltattyi.lta_server_name
-
- Since my firewall doesn't run LAT, I never made these changes. I
- leave it as an exercise to the reader. ;)
-
- It you want an excuse to hate LAT or DECnet, there are loads of
- better ones to use than just the logging. ;)
-
- mjr.
-
