hello all, when i invoke 'lastb', i get the following output : UNKNOWN ttyp1 ruf2-6.evoserve. Tue Jul 27 21:13 - 21:13 (00:00) chadi ttyp1 ruf2-6.evoserve. Tue Jul 27 21:12 - 21:12 (00:00)
that is, UNKNOWN for someone who tried to enter a non-exixtent username (w/ reference to /etc/passwd) and the "chadi" field for someone who tried to log-in using the username "chadi" and providing the wrong password. question, is there any way for as to know as to what exactly is the 'guess' user name someone tried to enter w/c resulted in the UNKNOWN record for /var/log/btmp ? we know that for the entry "chadi", that there really is a user chadi on the system but his password was wrongly entered. is there any way for us to capture and know what the wrongly enetered password is (guess password) and record it in some file ? TIA, Chad im just being paranoid, w/ all the recent attacks/portscans ive been getting lately and attempted logins from completely alien domains ... thanks and hope you can help
