Jeremy -

Please call Tech Support and have them log an enhancement DE for this. I'll
change the code that the suspect name is logged along with the GETUAI error.

At 10:02 PM 4/20/2005, Jeremy Begg wrote:
>Hi,
>
>Process Software MultiNet V4.4 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz,
>OpenVMS AXP V7.3-1
>(Shortly to be upgraded to V5.0 on VMS 7.3-2)
>
>We'd like to gather more information on SSH-based attacks on this system.
>
>We've found a new MULTINET_ROOT:[MULTINET.SSH]SSHD.LOG file gets created for
>each incoming connection and tends to contain entries like this:
>
> SSHD 0181[00026B86]: WARNING: DNS lookup failed for "67.19.157.18".
> getpwnam: getuai failed: 182b2
> getpwnam: getuai failed: 182b2
>
>I'm assuming the 'getpwnam' errors are indicating that the supplied username
>does not exist in the SYSUAF (182B2 = %RMS-E-RNF). Is there some way of
>getting the username into this log file?
>
>What other logging have people found helpful?
>
>Thanks,
>
> Jeremy Begg
>
> +---------------------------------------------------------+
> | VSM Software Services Pty. Ltd. |
> | http://www.vsm.com.au/ |
> | "OpenVMS Systems Management & Programming" |
> |---------------------------------------------------------|
> | P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
> | South Australia 5081 | Phone: +61 8 8221 5188 |
> |---------------------------| Mobile: 0414 422 947 |
> | A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
> +---------------------------------------------------------+


------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+