Solaris 10 logfile for bad logins

Similar Messages

• JDBC tries multiple times to connect on a bad login

  Hi, we got this problem when there's a bad login (ora-01017) from a user.
  Note that everything works fine for a successful login.
  So when a bad login occur it takes at least 2-3 minutes to catch the exception.
  During that time we can see in the JDBC tracing that there's multiple tries to connect, about 200.
  We use classes12 and Oracle 10g (RAC).
  LOAD_BALANCE=ON
  FAILOVER=ON
  SERVER = DEDICATED
  I did try with DriverManager and OracleDatasource with no difference.
          Connection con = null;         try{           compteur = compteur+1;           trace.ecrireLogEnv("compteur : "+compteur);           //DriverManager.setLogWriter(new PrintWriter(new FileOutputStream(chemin.substring(0,chemin.indexOf("classes"))+"log//test_connexion.txt")));           //con = DriverManager.getConnection(url,user,motPass);           OracleDataSource ods = new OracleDataSource();           ods.setURL(url);           ods.setLogWriter(new PrintWriter(new FileOutputStream(chemin.substring(0,chemin.indexOf("classes"))+"log//test_connexion_ds.txt")));           con = ods.getConnection(user,motPass);           etat = true;         } catch( SQLException e ){           msg = e.getMessage();           trace.ecrireLogEnv("mesg "+ msg);         }         finally {           if( con != null ) {             try { con.close(  ); }             catch( Exception e ) { }           }         }
  Anyone can help?
  Caroline

  Thanks for your reply.
  We use classes12 because we had no needs to upgrade, like TIMESTAMP...
  Maybe we could try change driver.
  And nothing in the code loop to try that many times. Like written in the example code we made a little sample page just to test the connection. That's all.
  I don't have any control of the pool connection. But the people that are doing it says to me that there is no settings configured to attempt connection 200 times.

• PAM_CONV not working for SSH logins

  I have a problem implementing PAM_CONV for SSH logins on Solaris 9 with the latest OS patches. I am using my own PAM module.
  I am trying to utilize PAM_CONV from pam_sm_acct_mgmt.
  I am using the following definition in /etc/pam.conf :
  other account optional pam_gabi.so
  Here is how I use PAM_CONV from pam_sm_acct_mgmt :
  #include <security/pam_appl.h>
  #include <security/pam_modules.h>
  #include <syslog.h>
  void gabi_pam_free_msg (int num_msg,
  struct pam_message **msg);
  void gabi_pam_free_resp (int num_msg, struct pam_response *resp);
  int gabi_pam_conv (int (*conv_funp)(), int num_msg,
  char **messages,
  struct pam_response **resp);
  #define PAM_MSG(pamh, number, string)\
  (char *) __pam_get_i18n_msg(pamh, "pam_unix", 3, number,
  string)
  void gabi_pam_free_msg (int num_msg, struct pam_message *msg)
  if (msg && num_msg > 0) {
  while (num_msg--) {
  if (msg[num_msg].msg)
  free((void*)msg[num_msg].msg);
  free(msg);
  void gabi_pam_free_resp (int num_msg, struct pam_response *resp)
  int i;
  struct pam_response *r;
  for (i = 0, r = resp; i < num_msg && r; i++, r++) {
  if (r->resp) {
  free(r->resp);
  if (resp)
  free(resp);
  extern
  int pam_sm_acct_mgmt (pam_handle_t *pamh,
  int flags,
  int argc ,
  const char **argv)
  char message[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
  char *pmessage = &message[0];
  struct pam_response *ret_resp;
  struct pam_conv *pam_convp;
  int rv=0;
  syslog(LOG_WARNING, "pam_sm_acct_mgmt");
  memset(&message[0],0x00,PAM_MAX_MSG_SIZE);
  if (pam_get_item(pamh, PAM_CONV, (void*)&pam_convp) == PAM_SUCCESS) {
  syslog(LOG_WARNING, "pam_sm_acct_mgmt: PAM_CONV
  == PAM_SUCCESS");
  (void) snprintf(message[0],sizeof (message[0]),
  (const char *) PAM_MSG(pamh,
  1,"pam_sm_acct_mgmt : "));
  rv=gabi_pam_conv(pam_convp->conv, 1, &pmessage,
  &ret_resp);
  syslog(LOG_WARNING, "pam_sm_acct_mgmt:seos_pam_conv
  returned rv=%d",rv);
  else
  syslog(LOG_WARNING, "pam_sm_acct_mgmt: PAM_CONV !
  = PAM_SUCCESS");
  return PAM_IGNORE;
  int gabi_pam_conv (int (*conv_funp)(), int num_msg, char **messages,
  struct pam_response **resp)
  struct pam_message *msg;
  int retcode, i;
  struct pam_response *ret_resp = NULL;
  msg = (struct pam_message *)calloc(num_msg, sizeof(struct
  pam_message));
  if (msg == NULL)
  return PAM_BUF_ERR;
  for (i = 0; i < num_msg; i++) {
  char nl = 0;
  msg.msg = (char *)malloc(PAM_MAX_MSG_SIZE);
  if (resp && (i == num_msg - 1)) {
  msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
  ret_resp = *resp;
  nl = '\0';
  else
  msg[i].msg_style = PAM_TEXT_INFO;
  snprintf(msg[i].msg, PAM_MAX_MSG_SIZE, "%s%c",
  messages[i], nl);
  retcode = conv_funp(num_msg, &msg, &ret_resp, NULL);
  syslog(LOG_WARNING, "seos_pam_conv: conv_funp returned
  retcode=PAM_SUCCESS=%c",
  ((retcode == PAM_SUCCESS) ? 'Y' : 'N'));
  gabi_pam_free_msg(num_msg, msg);
  if (resp)
  *resp = ret_resp;
  else
  gabi_pam_free_resp(num_msg, ret_resp);
  return retcode;
  I compile the source file like :
  cc -K pic -I. -c -o <obj_file> <src_file>
  cc -o pam_gabi.so -G -h pam_sample.so.1 -z text -z defs
  -Bsymbolic <obj_file> -lc -lpam -lnsl
  I copied pam_gabi.so to /usr/lib/security.
  From a remote machine I run :
  ssh -l <user_id> my_machine (<user_id> is a regular user)
  I expect to get prompted with "pam_sm_acct_mgmt :" after I put in the
  user password but I never see it and I am logged in successfully.
  If I try :
  rlogin -l <user_id> my_machine
  I do get the "pam_sm_acct_mgmt :" prompt after providing the user's
  password and login successfully.
  The syslog messages show that 'conv_funp' in gabi_pam_conv
  returned PAM_CONV_ERROR when called for the SSH login and
  returned PAM_SUCCESS when called for the rlogin.
  Kerberos is NOT installed on my Solaris 9 system.
  Can anyone please explain this behavior ?
  Thanks,
  Gabi

  After reading a little about this it looks like you have users enter user exec mode by default and after typing "enable" then entering the TACACS+ password you probably get denied.  If this is the case you are kind of left to your own devices.  I'll provide you some information and let you determine the best course.
  R1(config-line#) privilege level [0-15] 
  This line sets the privilege level of users that are logging in via SSH or other teleterminal services.
  Here is an excerpt from the documentation for tac_plus provided at http://www.shrubbery.net/tac_plus/
  CONFIGURING ENABLE PASSWORDS
  The default privilege level for an ordinary user on the NAS is usually
  1. When a user enables, she can reset this level to a value between 0
  and 15 by using the NAS "enable" command. If she doesn't specify a
  level, the default level she enables to is 15.
  You can enable via tacacs+ e.g. by configuring on the NAS:
          aaa authentication enable default tacacs+
  then whenever you attempt to enable, an authentication request is sent
  with the special username $enab<n>$ where <n> is the privilege level
  you are attempting to enable to.
  (Note: in order to be compatible with earlier versions of tacacs, when
  the requested enable level is 15, the daemon will also try the
  username $enable$ before trying username $enab15$).
  For example, with the above declaration, in order to enable on the
  NAS, you need a user declaration like this one, on the daemon:
  user = $enab15$ {
      login = cleartext "the enable password for level 15"
  Note: Be aware that this does have the side effect that you now have a
  user named $enab15$ who can then login to your NAS if she knows the
  enable password.
  Here is a similar declaration allowing users to enable to level 4:
  user = $enab4$ {
      login = des bsoF4OivQCY8Q

• Why does it keep asking me for the login keychain password?

  I am having a problem where my imac keeps asking me for a "login keychain" password. I type in my password every time, but that doesn't fix my problem. I need to know if this is bad or not, and how i can turn it off.
  Thanks!

  Hey there Daniel,
  It sounds like you are being prompted over and over for your Login Keychain, and entering it does not seem to make the prompts stop. I would start by running First Aid on the Keychain with this article:
  Mac OS X 10.6: Solving problems with keychains
  http://support.apple.com/kb/ph7296
  To check keychains for problems using Keychain First Aid:
  Open Keychain Access, located in the Utilites folder in the Applications folder.
  Choose Keychain Access > Keychain First Aid.
  Enter your user name and password.
  Select Verify and click Start. Any problems found will be displayed.
  If there are problems, select Repair, and then click Start.
  If that does not resolve the issue, I would next reset your Keychain:
  In Keychain Access, choose Preferences from the Keychain Access menu.
  If available, click the Reset My Default Keychain button. This will remove the login keychain and create a new one with the password provided.
  If Reset My Default Keychain is not available, choose Keychain List from the Edit menu.
  Delete the "login" keychain.
  The next time you log in to the account, you can save your current password in a keychain.
  From: OS X: Keychain Access asks for keychain "login" after changing login           password
            http://support.apple.com/kb/ht1631
  Thank you for using Apple Support Communities.
  All the very best,
  Sterling

• How to Handle Bad logins - alerts

  Hi ALL ...
  i got so many alerts related to bad logins from all servers. How to handle these alerts. Below one is the example ...
  EX 1) : Server Name : ErrorLog Report - Bad login(s):  'NT AUTHORITY\SYSTEM'
  Regards
  Pradeep

  Hi Neha ,
  Below are the more details from logs ..... The above two articles are not related to my issue. Iwant to handle this type of alerts. Actuallly daily we got this type of alerts many times  from same server
  LogDate                 ProcessInfo  LogText                                                                                                                                                                                                               
  xxxxx      Logon        Error: 18456, Severity: 14, State: 16                                                                                                                                                                                   
  xxxxx      Logon        Login failed for user 'NT AUTHORITY\SYSTEM'. [CLIENT: <local machine>]                                                                                                                                                 
  xxxxx       Logon        Error: 18456, Severity: 14, State: 16.                                                                                                                                                                                  
  xxxxxx     Logon        Login failed for user 'NT AUTHORITY\SYSTEM'. [CLIENT: <local machine>]
  (4 rows affected)
  So please suggest me ........
  Thanks in advance ......
  Pradeep

• Problem in Creation of implementaton for Badi FAGL_DERIVE_SEGMENT

  Hello Abapers,
  I am facing problem when creating a implementaion for BADI FAGL_DERIVE_SEGMENT,
  FAGL_DERIVE_PSEGMENT,
  The error is when i am going to save any of BADI implemenations, Specify filter types..
  The badi is very important to meet my requirement.So How to solve this problem.
  Waiting for your favourable replies.
  Thanks & Regards
  Maruthi.K

  Hi,
          Implementing a Filter-Dependent Business Add-In
  If you want to use a filter-dependent Business Add-In, you will need an implementation for each relevant filter value. Multiple filter values may use the same implementation, however.
  When implementing a filter-dependent Business Add-In, proceed as follows:
  Create an implementation by referring to the corresponding Business Add-In definition.
  Enter a characteristic filter value for the implementation, or choose F4 and select a value from the list of possible entries displayed. In principle, it is possible to define multiple characteristic filter values for each implementation.
  Use the Class Editor to fill the interface method.
  In the string conversion example, you would make the following entries for each country:
  BRD:
  translate parameter to upper case.
  Ireland:
  translate parameter to lower case.
  Italy:
  translate ...
  Repeat steps 1-3 for each implementation that you create.
  Activate your implementations.
  Now, whenever you execute the report program described above, different country-specific implementations are executed.
  Regards

• Report for badi and useexits

  Hi All.
  Is there any program(report) for getting directly BADI's for t.ocdes.
  means if we select a T.code.. the report has to give the related BADI's.
  Thanks,
  srii..

  Hi ,
  This is the code to find BADI's and UserExits Actually i copied this code from SCN long back .
  * Global Declaration
  TABLES : tstc,         " SAP Transaction Codes
           tadir,        " Directory of Repository Objects
           modsapt,      " SAP Enhancements - Short Texts
           modact,       " Modifications
           trdir,        " System Table TRDIR
           tfdir,        " Function Module
           enlfdir,      " Additional Attributes for Function Modules
           sxs_attrt ,   " Exit: Definition side: Attributes, Text table
           tstct.        " Transaction Code Texts
  * Data Declaration
  DATA : jtab LIKE tadir OCCURS 0 WITH HEADER LINE.
  DATA : field1(30).
  DATA : v_devclass LIKE tadir-devclass.
  DATA wa_tadir TYPE tadir.
  * Selection screen
  PARAMETERS : p_tcode LIKE tstc-tcode,
  p_pgmna LIKE tstc-pgmna .
  * Event: start-of-selection
  START-OF-SELECTION.
    IF NOT p_tcode IS INITIAL.
      SELECT SINGLE * FROM tstc WHERE tcode EQ p_tcode.
    ELSEIF NOT p_pgmna IS INITIAL.
      tstc-pgmna = p_pgmna.
    ENDIF.
    IF sy-subrc EQ 0.
      SELECT SINGLE * FROM tadir
      WHERE pgmid = 'R3TR'
      AND object = 'PROG'
      AND obj_name = tstc-pgmna.
      MOVE : tadir-devclass TO v_devclass.
      IF sy-subrc NE 0.
        SELECT SINGLE * FROM trdir
        WHERE name = tstc-pgmna.
        IF trdir-subc EQ 'F'.
          SELECT SINGLE * FROM tfdir
          WHERE pname = tstc-pgmna.
          SELECT SINGLE * FROM enlfdir
          WHERE funcname = tfdir-funcname.
          SELECT SINGLE * FROM tadir
          WHERE pgmid = 'R3TR'
          AND object = 'FUGR'
          AND obj_name EQ enlfdir-area.
          MOVE : tadir-devclass TO v_devclass.
        ENDIF.
      ENDIF.
      SELECT * FROM tadir INTO TABLE jtab
      WHERE pgmid = 'R3TR'
      AND object IN ('SMOD', 'SXSD')
      AND devclass = v_devclass.
      SELECT SINGLE * FROM tstct
      WHERE sprsl EQ sy-langu
      AND tcode EQ p_tcode.
      FORMAT COLOR COL_POSITIVE INTENSIFIED OFF.
      WRITE:/(19) 'Transaction Code - ',
      20(20) p_tcode,
      45(50) tstct-ttext.
      SKIP.
      IF NOT jtab[] IS INITIAL.
        WRITE:/(105) sy-uline.
        FORMAT COLOR COL_HEADING INTENSIFIED ON.
  *Sorting the internal Table
        SORT jtab BY object.
        DATA : wf_txt(60) TYPE c,
        wf_smod TYPE i ,
        wf_badi TYPE i ,
        wf_object2(30) TYPE c.
        CLEAR : wf_smod, wf_badi , wf_object2.
  *Get the total SMOD.
    LOOP AT jtab INTO wa_tadir.
      AT FIRST.
        FORMAT COLOR COL_HEADING INTENSIFIED ON.
        WRITE:/1 sy-vline,
        2 'Enhancement/ Business Add-in',
        41 sy-vline ,
        42 'Description',
        105 sy-vline.
        WRITE:/(105) sy-uline.
      ENDAT.
      CLEAR wf_txt.
      AT NEW object.
        IF wa_tadir-object = 'SMOD'.
          wf_object2 = 'Enhancement' .
        ELSEIF wa_tadir-object = 'SXSD'.
          wf_object2 = ' Business Add-in'.
        ENDIF.
        FORMAT COLOR COL_GROUP INTENSIFIED ON.
        WRITE:/1 sy-vline,
        2 wf_object2,
        105 sy-vline.
      ENDAT.
      CASE wa_tadir-object.
        WHEN 'SMOD'.
          wf_smod = wf_smod + 1.
          SELECT SINGLE modtext INTO wf_txt
          FROM modsapt
          WHERE sprsl = sy-langu
          AND name = wa_tadir-obj_name.
          FORMAT COLOR COL_NORMAL INTENSIFIED OFF.
        WHEN 'SXSD'.
  *For BADis
          wf_badi = wf_badi + 1 .
          SELECT SINGLE text INTO wf_txt
          FROM sxs_attrt
          WHERE sprsl = sy-langu
          AND exit_name = wa_tadir-obj_name.
          FORMAT COLOR COL_NORMAL INTENSIFIED ON.
      ENDCASE.
      WRITE:/1 sy-vline,
      2 wa_tadir-obj_name HOTSPOT ON,
      41 sy-vline ,
      42 wf_txt,
      105 sy-vline.
      AT END OF object.
        WRITE : /(105) sy-uline.
      ENDAT.
    ENDLOOP.
    WRITE:/(105) sy-uline.
    SKIP.
    FORMAT COLOR COL_TOTAL INTENSIFIED ON.
    WRITE:/ 'No.of Exits:' , wf_smod.
    WRITE:/ 'No.of BADis:' , wf_badi.
  ELSE.
    FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
    WRITE:/(105) 'No userexits or BADis exist'.
  ENDIF.
  ELSE.
  FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
  WRITE:/(105) 'Transaction does not exist'.
  ENDIF.
  AT LINE-SELECTION.
    DATA : wf_object TYPE tadir-object.
    CLEAR wf_object.
    GET CURSOR FIELD field1.
    CHECK field1(8) EQ 'WA_TADIR'.
    READ TABLE jtab WITH KEY obj_name = sy-lisel+1(20).
    MOVE jtab-object TO wf_object.
    CASE wf_object.
      WHEN 'SMOD'.
        SET PARAMETER ID 'MON' FIELD sy-lisel+1(10).
        CALL TRANSACTION 'SMOD' AND SKIP FIRST SCREEN.
      WHEN 'SXSD'.
        SET PARAMETER ID 'EXN' FIELD sy-lisel+1(20).
        CALL TRANSACTION 'SE18' AND SKIP FIRST SCREEN.
    ENDCASE.
    DO 2 TIMES.
    ENDDO.
  Thanks & Regards

• Asking for vendor login while opening Attached docs for Vendor

  Hi,
  We are using SRM 4.0 classic scenario.
  Having two issues regarding Vendor Bid..
  1.
  When the Bid invitation is submitted we would like the system to send the Extranet alias URL to the vendor for logging in rather than the original ITS URL for vendor login.
  So do we have to control this using the Smarform 'IV_URL' parameter
  or
  i tried to add this extranet alias URL as the EXT_ITS attribute in the Org structure and this shows up in the vendor e-mail. But does not work. Are there any other settings to be taken care of to make this work.
  2.
  The external vendor logs into the Webgui using the Single sign on setup.
  Now when the vendor tries to open the attachements sent in by the Purchaser it asks them for a SAP login which the vendors will not be aware of.
  Any ideas on how to avoid this step as we dont give our vendors the SAP user id and password.
  Regards
  Manoj A.

  Hi,
  We are using SRM 4.0 classic scenario.
  Having two issues regarding Vendor Bid..
  1.
  When the Bid invitation is submitted we would like the system to send the Extranet alias URL to the vendor for logging in rather than the original ITS URL for vendor login.
  So do we have to control this using the Smarform 'IV_URL' parameter
  or
  i tried to add this extranet alias URL as the EXT_ITS attribute in the Org structure and this shows up in the vendor e-mail. But does not work. Are there any other settings to be taken care of to make this work.
  2.
  The external vendor logs into the Webgui using the Single sign on setup.
  Now when the vendor tries to open the attachements sent in by the Purchaser it asks them for a SAP login which the vendors will not be aware of.
  Any ideas on how to avoid this step as we dont give our vendors the SAP user id and password.
  Regards
  Manoj A.

• HT201317 When I go to log onto iCloud using my Windows 7 and it asks for my login information, I get the error saying my Apple account is valid but not an iCloud account. How do I get an iCloud account? Thank you

  When I go to log onto iCloud using my Windows 7 and it asks for my login information, I get the error saying my Apple ID is valid but not an iCloud account. How do I get an iCloud account?
  I don't have any apple products personally, this is for work to use Photo Stream so when Superintendents & Project Managers take pictures of their construction site, I am able to have those images immediately.
  Thank you

  You can not create an iCloud account using a PC, you will need an Apple product. Once the account exists you can logon to it from a PC.

• I just upgraded to Lion. I was trying to set up the iCloud and it asked for my "login" keychain password. I've never been asked for that before. I've tried every password I can think of and nothing works. Is there a way to reset the keychain password?

  I just upgraded to Lion. I was trying to set up iCloud and it asked for my "login" keychain password. I've never been asked for the keychain password before. I've tried every password I can think of and nothing works. I'm normally asked for the password to my machine when upgrading software, signing on, etc. but this is different apparently. I tried the same password and it didn't work either. I read a couple of posts and they all want to take me through Applications/Utilities but that requires knowing your password in order to change it. I don't know it. Don't remember ever setting up a keychain password. Does anyone know how to change the keychain password if you don't know the keychain password???

  Most of the time your Keychain password is the same as your login password. If you configured your computer to log you in automatically, you may not have used your login password in so long you forgot it.
  There is no way to retrieve the "login" Keychain password, but you can reset the Keychain from the Preferences menu: select it in the Keychain Access menu and select "Reset My Default Keychain". This will create a new, empty Keychain but the old one will be saved should you ever remember its password.
  The result of this is that you will have to supply passwords for everything that requires it, since without your Keychain they will no longer automatically fill themselves. However, once you supply them and store them in your new Keychain, they will be remembered.

• TS1292 I bought a 4 pack of $25 Itunes gift cards and only 2 will activate.  For the second two it just keeps asking for my login. No error message just keeps repeating the login

  I bought a 4 pack of $25 Itunes gift cards and only 2 will activate.  For the second two it just keeps asking for my login. No error message just keeps repeating the login.  Is there any way to fix this or did I just lose $50

  Report this here:
  iTunes Store Support
  http://www.apple.com/emea/support/itunes/contact.html

• Hello, i have been sent the following email from apple: - You've taken the added security step and provided a rescue email address. Now all you need to do is verify that it belongs to you... and asks for apple login details, is this a genuine request?

  Hello, i have been sent the following email from apple, see below and asks for apple login details, is this a genuine request?
  Thank you.
  You’ve taken the added security step and provided a rescue email address. Now all you need to do is verify that it belongs to you.
  The rescue email address that you gave us is [email protected]
  Just click the link below to verify, sign in using your Apple ID and password, then follow the prompts.
  Verify Now >
  The rescue email address is dedicated to your security and allows Apple to get in touch if any account questions come up, such as the need to reset your password or change your security questions. As promised, Apple will never send any announcements or marketing messages to this address.
  When using Apple products and services, you’ll still sign in with your primary email address as your Apple ID.
  It’s about protecting your identity.
  Just so you know, Apple sends out an email whenever someone adds or changes a rescue email address associated with an existing Apple ID. If you received this email in error, don’t worry. It’s likely someone just mistyped their own email address when creating a new Apple ID.
  If you have questions or need help, visit the Apple ID Support site.
  Thanks again,
  Apple Support

  In that case, someone is trying to hi-jack your Apple ID.
  You should change your password immediately.

• How do I check for bad sectors on the hard drive? (Need help soon!)

  I've asked this in a different thread but am not getting exactly the question answered completely. I need to run a check on my drive that will test each sector and if a bad sector is found, it will block that sector from being written to with data in the future.
  I used to use Disk First Aid or Apple HD Setup or Norton Utilities to do this. Norton does not appear to be made for Mac OSX 10.4.4 and those other utilities appear to be System 9 and earlier utilities only.
  Is there some way of doing this with current Apple tools? My original post is at http://discussions.apple.com/thread.jspa?messageID=1592160#1592160
  Thank you. I've been down since Saturday and really need to get an answer so I can move forward and get my computer back up and running.

  There is only one way to do this. Make a bootable backup of your drive to an external Firewire drive (you can use the Restore option of Disk Utility.) Then do the following:
  1 Boot from your Tiger DVD. After the installer loads select Disk Utility from the Utilities.
  2. After DU loads select your hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Click on the Partition tab in the DU main window.
  3. Set the number of partitions from the dropdown menu (use 1 partition unless you wish to make more.) Set the format type to Mac OS Extended (Journaled, if supported.) Click on the Partition button and wait until the volume(s) mount on the Desktop.
  4. Select the volume you just created (this is the sub-entry under the drive entry) from the left side list. Click on the Erase tab in the DU main window.
  5. Set the format type to Mac OS Extended (Journaled, if supported.) Click on the Options button, check the button for Zero Data and click on OK to return to the Erase window.
  6. Click on the Erase button. The format process will take 30 minutes to an hour or more depending upon the drive size.
  By reformatting using the Zero Data option DU will force checking for bad blocks.
  If you wish to forego the above procedure you can purchase TechTool Pro (v. 4.1.1) which has a module for scanning the disk for bad blocks. However, repairing the drive can only be done by reformatting.

• Disk Utility: for bad blocks on hard disks, are seven overwrites any more effective than a single pass of zeros?

  In this topic I'm not interested in security or data remanence (for such things we can turn to e.g. Wilders Security Forums).
  I'm interested solely in best practice approaches to dealing with bad blocks on hard disks.
  I read potentially conflicting information. Examples:
  … 7-way write (not just zero all, it does NOT do a reliable safe job mapping out bad blocks) …
  — https://discussions.apple.com/message/8191915#8191915 (2008-09-29)
  … In theory zero all might find weak or bad blocks but there are better tools …
  — https://discussions.apple.com/message/11199777#11199777 (2010-03-09)
  … substitution will happen on the first re-write with Zeroes. More passes just takes longer.
  — https://discussions.apple.com/message/12414270#12414270 (2010-10-12)
  For bad block purposes alone I can't imagine seven overwrites being any more effective than a single pass of zeros.
  Please, can anyone elaborate?
  Anecdotally, I did find that a Disk Utility single pass of zeros seemed to make good (good enough for a particular purpose) a disk that was previously unreliable (a disk drive that had been dropped).

  @MrHoffman
  As well pointed your answers are, you are not answering the original question, and regarding consumer device hard drives your answers are missleading.
  Consumer device hard drives ONLY remap a bad sector on write. That means regardless how many spare capacity the drive has, it will NEVER remap the sector. That means you ALWAYS have a bad file containing a bad sector.
  In other words YOU would throw away an otherwise fully functional drive. That might be reasonable in a big enterprise where it is cheaper to replace the drive and let the RAID system take care of it.
  However on an iMac or MacBook (Pro) an ordinary user can not replace the drive himself, so on top of the drive costs he has to pay the repair bill (for a drive that likely STILL is in perfect shape, except for the one 'not yet' remaped bad block)
  You simply miss the point that the drive can have still one million good reserve blocks, but will never remap the affected block in a particular email or particular song or particular calendar. So as soon as the file affected is READ the machine hangs, all other processes more or less hang at the same moment they try to perform I/O because the process trying to read the bad block is blocking in the kernal. This happens regardless how many free reserve blocks you have, as the bad block never gets reallocated, unless it is written to it. And your email program wont rewrite an email that is 4 years old for you ... because it is not programmed to realize a certain file needs to be rewritten to get rid of a bad block.
  @Graham Perrin
  You are similar stubborn in not realizing that your original question is awnsered.
  A bad block gets remapped on write.
  So obviously it happens at the first write.
  How do you come to the strange idea that writing several times makes a difference? How do you come to the strange idea that the bytes you write make a difference? Suppose block 1234 is bad. And the blocks 100,000,000 to 100,000,999 are reserve blocks. When you write '********' to block 1234 the hard drive (firmware) will remap it to e.g. 100,000,101. All subsequent writes will go to the same NEW block. So why do you ask if doing it several times will 'improve' this? After all the awnsers here you should have realized: your question makes no sense as soon as you have understood how remapping works (is supposed to work). And no: it does not matter if you write a sequence od zeros, of '0's or of '1's or of 1s or of your social security number or just 'help me I'm hold prisoner in a software forum'.
  I would try to find a software that finds which file is affected, then try to read the bad block until you in fact have read it (that works surprisngly often but may take any time from a few mins to hours) ... in other words you need a software that tries to read the file and copies it completely, so even the bad block is read (hopefully) successful. Then write the whole data to a new file and delete the old one (deleting will free the bad block and ar some later time something will be written there and cause a remap).
  Writing zeros into the bad block basically only helps if you don't care that the affected file is corrupted afterwards. E.g. in case of a movie the player might crash after trying to display the affected area. E.g. if you know the affected file is a text file, it would make more sense to write a bunch of '-' signs, as they are readable while zero bytes are not (a text file is not supposed to contain zero bytes)
  Hope that helped ;)

• How do I check for bad memory

  I have 2008 Mac pro with 12G memory. Today it will not boot up. I get different color vertical lines on the monitor. I would like to check for bad memory dimms. How.
  Thanks,
  Rsood

  How to run hardware diagnostics for an Intel Mac
  Boot from your original OS X Installer Disc One that came with your computer.  After the chime press and hold down the "D" key until the diagnostic screen appears.  Run the extended tests for a minimum of two or three hours.  If any error messages appear note them down as you will need to report them to the service tech when you take the computer in for repair.
  Some "common" error indicators:
  SNS - sensor error
  MEM - memory error
  HDD - hard disk drive error
  MOT - fan error