Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!ucsd!hub!apple!harald
From: harald@apple.ucsb.edu (Ommang)
Newsgroups: comp.unix.questions
Subject: UNIX logging question.
Message-ID: <3259@hub.UUCP>
Date: 7 Dec 89 08:19:19 GMT
Sender: news@hub.UUCP
Reply-To: harald@apple.ucsb.edu (Ommang)
Organization: University of California, Santa Barbara
Lines: 21


I'm working on a paper comparing security in UNIX and HP's MPE op.sys.
There is one little detail that I haven't found out about yet :
If you enter a nonexisting login id or an incorrect password, is this
logged somewhere in a file / to a system console ? (I sure hope so, but I've
yet been unable to verify this).  I know that successful logins are logged,
but failed attempts should also be recorded.  If this exists, is it in 
"standard" UNIX (whatever that is these days... BSD, AT&T, SunOs, HP-UX, AIX,
XENIX...), or is it vendor dependent.  Also, Gary Grossman in "How Secure is
Secure", UNIX Review Aug '86, concludes that UNIX does not quite make it to
a C2 NCSC rating. Any comments ?
Other comments appreciated.

Thank you, 
Harald Ommang


==================================================================
"Born in the ice-blue waters of the festooned Norwegian coast.."
         - Bertrand Meyer on object-oriented programming
Well, so was Harald Ommang.    harald%cornu@hub.ucsb.edu