DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Auditable events

User authentication events

All of the following events provide valuable information about the users on your system. The bad_auth event records all attempts to login that fail because of an invalid password or login name. A high number of such failures may indicate that someone who does not know a valid login name or password is trying to log in. It is especially important to audit this event if you have dial-up terminal ports on your system. If you choose to audit the bad_auth, event, it must be set in the system-wide event mask, not in a specific user event mask. The event records failed login attempts, and a user event mask takes effect only once a user has successfully logged on.

User authentication events

Event Description Manual page Object audit
bad_auth bad login name/password login(1) N
bad_lvl bad login level login(1) N
cron cron job cron(ADM) N
def_lvl change a user's default level login(1) N
login use a login schema login(1) N
logoff terminate a login session NA N
passwd change password passwd(1) N


Next topic: I/O control events
Previous topic: Process control events

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005