User authentication events
All of the following events provide valuable information about the users on your
system.
The bad_auth event records all attempts to login that
fail because of an invalid password or login name.
A high number of such failures may indicate
that someone who does not know a valid login
name or password is trying to log in.
It is especially important to audit this event if you have
dial-up terminal ports on your system.
If you choose to audit the
bad_auth,
event, it
must be set in the system-wide event mask,
not in a specific user event mask.
The event records failed login attempts, and a user event mask
takes effect only once a user has successfully
logged on.
User authentication events
|
Event
|
Description
|
Manual page
|
Object audit
|
|---|
|
bad_auth
|
bad login name/password
|
login(1)
|
N
|
|
bad_lvl
|
bad login level
|
login(1)
|
N
|
|
cron
|
cron job
|
cron(ADM)
|
N
|
|
def_lvl
|
change a user's default level
|
login(1)
|
N
|
|
login
|
use a login schema
|
login(1)
|
N
|
|
logoff
|
terminate a login session
|
NA
|
N
|
|
passwd
|
change password
|
passwd(1)
|
N
|
Next topic:
I/O control events
Previous topic:
Process control events
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005