Valid on UNIX
Password attempt events describe an accessor's attempt to log in with an incorrect password.
Audit records in this event have the following format:
Date Time Status Event UserName Details Reason Terminal Program AuditFlags
Identifies the date the event occurred.
Format: DD MMM YYYY
Note: CA ControlMinder Endpoint Management formats the date display according to your computer's settings.
Identifies the time the event occurred.
Format: HH:MM:SS
Note: CA ControlMinder Endpoint Management formats the time display according to your computer's settings.
Indicates an incorrect password attempt.
Value: A (Password attempt)
Identifies the user logon session ID number.
Identifies the type of event this record belongs to.
Note: CA ControlMinder Endpoint Management refers to this field simply as Event.
Identifies the name of the accessor that performed the action that triggered this event.
Indicates at which stage CA ControlMinder decided what action to take for this event.
Note: The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the authorization stage code. In a detailed output or in CA ControlMinder Endpoint Management, the audit record displays the message associated with the authorization stage code. For a complete list of stage codes, run seaudit -t.
Indicates the reason that CA ControlMinder wrote an audit record.
Note: This field does not display in a detailed seaudit output or in CA ControlMinder Endpoint Management. The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the reason code. For a complete list of reason codes, run seaudit -t.
Identifies the name of the terminal that the accessor used to connect to the host.
Identifies the name of the program that triggered the event.
Indicates whether the accessor is internal (CA ControlMinder database user) or an enterprise user.
Note: If the accessor is an enterprise user, the audit record you see in a non-detailed seaudit output displays the string "(OS user)" in this field. Otherwise, this field remains empty.
Example: Password Attempt Event Message
The following audit record was taken from a detailed seaudit output.
13 Jan 2009 16:21:12 A LOGIN admin 17 8 localhost.localdomain login Event type: Password attempt Status: Password attempt User name: admin Terminal: localhost.localdomain Date: 13 Jan 2009 Time: 16:21 Program: login Details: Attempt rejected by the native environment User Logon Session ID: 525f8d59:0000010a Audit flags: AC database user
This audit record indicates that on January 13th 2009, the user admin attempted to change his account's password. The attempt was rejected by the native environment because of a login failure (authorization stage code 17—attempt rejected by the native environment). The pam _seos module logged this event (reason code 8—CA ControlMinder pam support UNIX failed login).
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|