Logging Failed Login attempts

Alexander Dalloz ad+lists at uni-x.org
Wed Jun 15 15:59:24 UTC 2005 

Am Mi, den 15.06.2005 schrieb Ted Beaton um 14:57:

> I'm trying to log bad login attemps.  They are supposed to be logged to 
> /var/log/btmp according to the man page on the "lastb" command.  I 
> touched the /var/log/btmp file to create it and when I run the lastb 
> command it reads the file but none of the "bad login attempts" get 
> logged to the file.  Anyone know how to turn this logging on?  I have 
> tested faillog and that works if someone uses a real username to try and 
> login and fails but does not record failed login attempts with a bogus 
> username (ie someone guessing usernames).  Any ideas?
> 
> All information contained in this email is confidential and may be used by the intended recipient only.

Am I allowed to answer in public? Was I even allowed to read your
message?

Anyway, how do you test "lastb"? Bad login attempts on the console are
properly logged for me:

$ lastb
barfoo   tty1                          Wed Jun 15 17:53 - 17:53  (00:00)
foobar   tty1                          Wed Jun 15 17:53 - 17:53  (00:00)

And failed SSH logins with a fake username are logged to syslog's
messages file:

Jun 15 17:56:47 blacky sshd(pam_unix)[8038]: check pass; user unknown
Jun 15 17:56:47 blacky pam_tally[8038]: pam_tally: pam_get_uid; no such
user NOUSER
Jun 15 17:56:49 blacky sshd(pam_unix)[8038]: 2 more authentication
failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=<hostname of
user>

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 17:53:26 up 22 days, 16:31, load average: 0.28, 0.31, 0.27 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050615/03210221/attachment-0001.sig>

More information about the fedora-list mailing list