loginlog

To turn on the mechanism that logs unsuccessful attempts to access the system, the administrator must create the file /var/adm/loginlog. If this file exists and five (to change this, see ``Setting login restrictions on accounts'') consecutive unsuccessful login attempts occur, all are logged in loginlog and then login sleeps for 20 seconds before dropping the line. If a person makes fewer than five unsuccessful attempts, none of them are logged.

If loginlog does not exist, five (by default) failed login attempts will still cause the system to sleep for 20 seconds and drop the line, but nothing will be logged.

Enabling login logging

By default, this text file does not exist and logging is off. To enable logging, create the log file with read and write permission for root only.

To enable login logging, perform the following:

1. Begin execution of a subshell. Type
   
   /usr/bin/sh

   The system responds with a shell prompt.

2. Reset the default file creation privileges. Type
   
   umask 077

3. Create the loginlog file. Type
   
   > /var/adm/loginlog

4. Set the group to sys.
   
   chgrp sys /var/adm/loginlog

5. Change the ownership of the file to root.
   
   chown root /var/adm/loginlog

6. Return from the newly created shell. Type
   
   exit

It is important to check and to clear the contents of the loginlog file occasionally, because this file may grow in size quickly. A large number of lines in a short amount of time in this file may suggest an attempt to break into the system. For more information about this file, see loginlog(4).