Administrator's Guide
Templates and Alerts
Repeated Failed Logins Template
Appendix A
Limitations
• The template only detects failed logins that are logged to btmp[s].
  — The template does not detect failed secure ftp (sftp) logins because the ssh
    daemon logs failed sftp logins using syslog(3C) instead of logging them to btmp
    on 11i and btmps on 11i v2.
  — The template does not detect failed secure shell (ssh) logins by ssh daemons that
    do not log failed ssh logins to btmp on 11i version 1.0 and btmps on 11i version
    2.0. SSH daemons should be configured with the "UsePAM" configuration value
    set to "no" in order to log failed attempts to btmp(s).
Table A-23 Failed Login Attempts Alert Properties (Continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[12] | Device | String | <pty device name> | Name of pty device associated with failed login attempt. |
| argv[13] | Hostname | String | <remote hostname> | Name of remote host from which login was attempted. |
| argv[14] | IP Address | String | <A.B.C.D> for IPv4 addresses; "A:B:C:D:..." for IPv6 addresses | IP address of remote host from which login was attempted. |
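
The following response-program fragment is an added example, not code from this guide or from HP. It shows one way to consume the Device, Hostname and IP Address fields while treating them as untrusted input. It assumes the response program is a POSIX shell script that receives the alert fields as positional parameters, so argv[12] is ${12}. The function names and the log-line format are hypothetical.

```sh
#!/bin/sh
# Added example, not HP's code: format argv[12]..argv[14] of Table A-23.
# Assumption: the alert fields arrive as positional parameters.
LC_ALL=C; export LC_ALL          # keep bracket ranges byte-based

# clean_field VALUE: replace every byte outside a small safe set with "_",
# so an unexpected hostname cannot put newlines or spaces into the log line.
clean_field() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._:/-' '_'
}

# classify_ip ADDR: print ipv4, ipv6 or invalid.
# The IPv6 branch is a shape check (hex digits and colons), not a full parser.
classify_ip() {
    case "$1" in
        *[!0-9.]*) ;;                                   # try IPv6 below
        *.*.*.*.*|.*|*.|*..*) echo invalid; return ;;
        *.*.*.*)
            old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
            for octet in "$@"; do
                [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] ||
                    { echo invalid; return; }
            done
            echo ipv4; return ;;
        *) echo invalid; return ;;
    esac
    case "$1" in
        *[!0-9A-Fa-f:.]*|*:::*) echo invalid ;;
        *:*:*) if [ ${#1} -le 45 ]; then echo ipv6; else echo invalid; fi ;;
        *) echo invalid ;;
    esac
}

# format_alert "$@": build one log line from the three fields.
# Parameters above 9 need braces: $12 would expand as ${1} followed by "2".
format_alert() {
    [ $# -ge 14 ] || { echo "expected at least 14 arguments, got $#" >&2; return 2; }
    device=$(clean_field "${12}")
    host=$(clean_field "${13}")
    ip=$(clean_field "${14}")
    echo "failed_login device=$device host=$host ip=$ip ip_kind=$(classify_ip "${14}")"
}

# Run only when started with arguments (as a response program would be).
[ $# -eq 0 ] || format_alert "$@"
```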