Logging Failed Login attempts
Alexander Dalloz
ad+lists at uni-x.org
Wed Jun 15 15:59:24 UTC 2005
On Wed, 15.06.2005 at 14:57, Ted Beaton wrote:
> I'm trying to log bad login attempts. They are supposed to be logged to
> /var/log/btmp according to the man page on the "lastb" command. I
> touched the /var/log/btmp file to create it and when I run the lastb
> command it reads the file but none of the "bad login attempts" get
> logged to the file. Anyone know how to turn this logging on? I have
> tested faillog and that works if someone uses a real username to try and
> login and fails but does not record failed login attempts with a bogus
> username (i.e. someone guessing usernames). Any ideas?
>
> All information contained in this email is confidential and may be used by the intended recipient only.
Am I allowed to answer in public? Was I even allowed to read your
message?
Anyway, how do you test "lastb"? Bad login attempts on the console are
properly logged for me:
$ lastb
barfoo tty1 Wed Jun 15 17:53 - 17:53 (00:00)
foobar tty1 Wed Jun 15 17:53 - 17:53 (00:00)
And failed SSH logins with a fake username are logged to syslog's
messages file:
Jun 15 17:56:47 blacky sshd(pam_unix)[8038]: check pass; user unknown
Jun 15 17:56:47 blacky pam_tally[8038]: pam_tally: pam_get_uid; no such user NOUSER
Jun 15 17:56:49 blacky sshd(pam_unix)[8038]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=<hostname of user>
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp
Serendipity 17:53:26 up 22 days, 16:31, load average: 0.28, 0.31, 0.27
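
Added example (not part of the original message): a small Python parser that correlates the pam_unix and pam_tally lines quoted above by host and PID and reports sessions where a non-existent username was tried. It assumes one message per line, as in the messages file itself; the sample rhost values, the "ted" line and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted above; the rhost values and
# the last line (a failure for an existing account "ted") are made up.
SAMPLE = """\
Jun 15 17:56:47 blacky sshd(pam_unix)[8038]: check pass; user unknown
Jun 15 17:56:47 blacky pam_tally[8038]: pam_tally: pam_get_uid; no such user NOUSER
Jun 15 17:56:49 blacky sshd(pam_unix)[8038]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=client.example.org
Jun 15 17:58:02 blacky sshd(pam_unix)[8101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=client.example.org  user=ted
"""

# timestamp, host, program tag such as "sshd(pam_unix)", PID, message text
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) ([^\[\s]+)\[(\d+)\]: (.*)$")

def unknown_user_attempts(text):
    """Correlate lines by (host, PID); keep sessions where PAM saw an unknown user."""
    sessions = defaultdict(lambda: {"unknown": False, "names": [],
                                    "more_failures": 0, "rhost": None})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line in the expected shape
        host, _tag, pid, msg = m.groups()
        s = sessions[(host, pid)]
        if "user unknown" in msg:
            s["unknown"] = True
        name = re.search(r"no such user (\S+)", msg)
        if name:
            s["names"].append(name.group(1))
            s["unknown"] = True
        more = re.search(r"(\d+) more authentication failures?", msg)
        if more:
            s["more_failures"] = int(more.group(1))
        rhost = re.search(r"rhost=(\S+)", msg)
        if rhost:
            s["rhost"] = rhost.group(1)
    return {key: s for key, s in sessions.items() if s["unknown"]}

if __name__ == "__main__":
    for (host, pid), s in unknown_user_attempts(SAMPLE).items():
        print(f"{host} pid={pid} from={s['rhost']} guessed={s['names']} "
              f"+{s['more_failures']} more failures")
```

The failure for the existing account (PID 8101) is deliberately left out of the result, since only the unknown-user sessions indicate username guessing.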