Notification of number of unsuccessful login attempts
Clark, Patti
clarkp at osti.gov
Wed Mar 26 12:47:12 UTC 2008
I don't find using pam_tally or pam_tally2 useful. As noted, the
unsuccessful login attempt counts are cleared once a user successfully
logs onto a system. I'm not trying to run reports; I am trying to
inform the user at login whether there have been failed attempts and how
many of them. Now, if there is a way of extracting that information
prior to the clearing of the counts, I'm interested.
Patti
> -----Original Message-----
> From: nahant-list-bounces at redhat.com
> [mailto:nahant-list-bounces at redhat.com] On Behalf Of Alastair Neil
> Sent: Tuesday, March 25, 2008 6:08 PM
> To: Red Hat Enterprise Linux 4 (Nahant) Discussion List
> Cc: Pluggable Authentication Modules
> Subject: Re: Notification of number of unsuccessful login attempts
>
> You might want to look at pam_tally2; it comes with a script for doing
> just what you requested. I do not know if RHEL 4 comes with it or not,
> but it is certainly in CentOS 5.
>
> On Tue, Mar 25, 2008 at 4:23 PM, Clark, Patti <clarkp at osti.gov> wrote:
> > Thank you for the info John. I was afraid of that since nothing came
> > from my research. There seem to be a few ways of collecting and
> > reporting via sysadmin type utilities and/or custom scripts, but nothing
> > via an options setting. <sigh> I have security requirements that want
> > to display to a user the number of failed login attempts for their
> > account in order to provide another avenue for flagging anomalies. Of
> > course we monitor the logs, but this comes under the defense-in-depth
> > column. Sometimes I go toe to toe with a Sun admin who likes to point
> > out how mature and secure Solaris is comparatively speaking. Every now
> > and then I can pull a rabbit out of the (Red) Hat.
> >
> > Patti
> >
> >
> > > -----Original Message-----
> > > From: nahant-list-bounces at redhat.com
> > > [mailto:nahant-list-bounces at redhat.com] On Behalf Of Stephen
> > > John Smoogen
> > > Sent: Tuesday, March 25, 2008 4:02 PM
> > > To: Red Hat Enterprise Linux 4 (Nahant) Discussion List
> > > Subject: Re: Notification of number of unsuccessful login attempts
> > >
> > > On Tue, Mar 25, 2008 at 1:30 PM, Clark, Patti <clarkp at osti.gov> wrote:
> > > >
> > > >
> > > >
> > > > While login offers up the last login notice, is there a way to also provide
> > > > the number of unsuccessful (failed) login attempts for a user account? I
> > > > have pam_tally tracking these and didn't find any options to display that
> > > > information to a user.
> > > >
> > >
> > > Hi Patti. All the files that log that (faillog) etc are in general not
> > > readable by a normal user. My layman response would be that you would
> > > need a setuid program to get the data which causes its own issues.
> > >
> > > > Patti Clark
> > > > Sr. Unix System Administrator - RHCT, GSEC
> > > > Office of Scientific and Technical Information
> > > >
> > > >
> > > > --
> > > > nahant-list mailing list
> > > > nahant-list at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/nahant-list
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Stephen J Smoogen. -- CSIRT/Linux System Administrator
> > > How far that little candle throws his beams! So shines a good deed
> > > in a naughty world. = Shakespeare. "The Merchant of Venice"
> > >
>
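Added example, not part of the original thread and not the pam_tally2 script mentioned in it: because the tally is cleared on success, one way to get "failed attempts since your last login" is to derive it from the sshd lines in the auth log, snapshotting the running count at each successful login before resetting it. The log format, function names and sample lines are assumptions constructed for illustration, and the log is normally readable only by root, so this would run from a privileged login hook rather than as the user.

```python
import re
from collections import Counter

# Constructed sample lines in the sshd syslog format of /var/log/secure (assumed).
SAMPLE_LOG = """\
Mar 24 08:01:10 host1 sshd[2101]: Accepted password for patti from 192.0.2.10 port 40112 ssh2
Mar 25 02:14:31 host1 sshd[2290]: Failed password for patti from 198.51.100.7 port 51522 ssh2
Mar 25 02:14:35 host1 sshd[2290]: Failed password for patti from 198.51.100.7 port 51522 ssh2
Mar 25 02:15:02 host1 sshd[2295]: Failed password for invalid user admin from 198.51.100.7 port 51530 ssh2
Mar 25 02:15:09 host1 sshd[2296]: Failed password for invalid user x sshd[1]: Accepted password for patti from 192.0.2.99 port 1 ssh2 from 198.51.100.7 port 51531 ssh2
Mar 25 03:40:19 host1 sshd[2311]: Failed password for patti from 203.0.113.44 port 33871 ssh2
Mar 25 07:58:44 host1 sshd[2402]: Failed password for john from 192.0.2.22 port 40990 ssh2
Mar 25 08:02:03 host1 sshd[2410]: Accepted password for patti from 192.0.2.10 port 40377 ssh2
""".splitlines()

# Anchored at the start of the line: text inside a remotely supplied username
# (fifth sample line) must not be parsed as a separate "Accepted" event.
EVENT = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def failures_before_last_login(lines, user):
    """Failed attempts for `user` between their two most recent successful logins.

    Returns (total, Counter of source addresses). Lines must be in time order.
    """
    pending, reported = Counter(), Counter()
    for line in lines:
        m = EVENT.match(line)
        if not m or m.group("invalid") or m.group("user") != user:
            continue
        if m.group("result") == "Failed":
            pending[m.group("src")] += 1
        else:
            # Successful login: keep the running count for display, then reset it,
            # which is the step a plain tally counter loses.
            reported, pending = pending, Counter()
    return sum(reported.values()), reported

def login_notice(lines, user):
    """Build the one-line message to show the user after login."""
    count, sources = failures_before_last_login(lines, user)
    if count == 0:
        return "No failed login attempts since your last login."
    detail = ", ".join(f"{src} ({n})" for src, n in sorted(sources.items()))
    return f"{count} failed login attempt(s) since your last login, from: {detail}"
```
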
More information about the Pam-list mailing list