Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
31323334353637383940
as /bin/ksh, /bin/csh, or /bin/sh. If the command field is empty, the default
is /bin/sh.
The command field does not have to be a shell. See Section 2.1.3 for an example
of running another command.
8. After the shell initialization is complete, the system displays a prompt and waits for
user input.
You can have the login process perform further user authentication using the Pluggable
Authentication Modules (PAM). For more information, see pam.conf(4) and Section 2.3.
2.2.2 Checking the login Tracking Files (btmp and wtmp)
The following files keep a log of logins:
The /var/adm/btmp file keeps track of failed logins.
The /var/adm/wtmp file keeps track of successful logins.
Use the lastb command to read the /var/adm/btmp file to see if unauthorized users
have attempted to log in.
Use the last command to read the/var/adm/wtmp file.
The last and lastb commands display the most recent user information, in descending
order.
The wtmp and btmp files tend to grow without bound, so check them regularly.
Periodically remove information that is no longer useful to prevent the file from becoming
too large. The wtmp and btmp files are not created by the programs that maintain them.
If these files are removed, login record keeping is turned off.
A common mistake users make during login is to enter the password, or part of the
password at the login prompt. This failed login is recorded in the btmps file and exposes
the password or partial password. For this reason, the file protection on the btmps should
be set so that it is only readable by administrators.
# chmod 400 /var/adm/btmps
If the security policy requires that past sessions of one user cannot be viewed by another
user, then the file protection of the /var/adm/wtmp file may also need to be changed.
See last(1), utmp(4), and wtmp(4) for more information.
The utmp database is a user accounting database managed and synchronized according
to /var/adm/utmp by the utmpd command. Application programs can access the
utmps database. See utmpd(1M) and utmps(4).
2.2.2.1 Last Command Examples
This section contains examples of using the last command. The following command
lists all of the root sessions and all sessions on the console terminal:
# last root console | more
root pts/1 Mon Mar 12 16:22 - 18:04 (01:41)
2.2 Authenticating Users During Login 33