[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Notification of number of unsuccessful login attempts



I don't find using pam_tally or pam_tally2 useful.  As noted, the
unsuccessful login attempt counts are cleared once a user successfully
logs onto a system.  I'm not trying to run reports; I am trying to
inform the user at login whether there have been failed attempts and how
many of them.  Now, if there is a way of extracting that information
prior to the clearing of the counts, I'm interested.

Patti 
> -----Original Message-----
> From: nahant-list-bounces redhat com 
> [mailto:nahant-list-bounces redhat com] On Behalf Of Alastair Neil
> Sent: Tuesday, March 25, 2008 6:08 PM
> To: Red Hat Enterprise Linux 4 (Nahant) Discussion List
> Cc: Pluggable Authentication Modules
> Subject: Re: Notification of number of unsuccessful login attempts
> 
> you might want to look at pam_tally2 it comes with a script for doing
> just what you requested.  I do not know if RHEL 4 come with it or not
> but it is certainly in CentOS 5
> 
> On Tue, Mar 25, 2008 at 4:23 PM, Clark, Patti <clarkp osti gov> wrote:
> > Thank you for the info John.  I was afraid of that since 
> nothing came
> >  from my research.  There seems to be a few ways of collecting and
> >  reporting via sysadmin type utilities and/or custom 
> scripts, but nothing
> >  via an options setting.  <sigh>  I have security 
> requirements that want
> >  to display to a user the number of failed login attempts for their
> >  account in order to provide another avenue for flagging 
> anomalies.  Of
> >  course we monitor the logs, but this comes under the 
> defense-in-depth
> >  column.  Sometimes I go toe to toe with a Sun admin who 
> likes to point
> >  out how mature and secure Solaris is comparitively 
> speaking.  Every now
> >  and then I can pull a rabbit out of the (Red) Hat.
> >
> >  Patti
> >
> >
> > > -----Original Message-----
> >  > From: nahant-list-bounces redhat com
> >  > [mailto:nahant-list-bounces redhat com] On Behalf Of Stephen
> >  > John Smoogen
> >  > Sent: Tuesday, March 25, 2008 4:02 PM
> >  > To: Red Hat Enterprise Linux 4 (Nahant) Discussion List
> >  > Subject: Re: Notification of number of unsuccessful 
> login attempts
> >  >
> >  > On Tue, Mar 25, 2008 at 1:30 PM, Clark, Patti 
> <clarkp osti gov> wrote:
> >  > >
> >  > >
> >  > >
> >  > > While login offers up the last login notice, is there a way
> >  > to also provide
> >  > > the number of unsuccessful (failed) login attempts for a
> >  > user account?  I
> >  > > have pam_tally tracking these and didn't find any options
> >  > to display that
> >  > > information to a user.
> >  > >
> >  >
> >  > Hi Patti. All the files that log that (faillog) etc are 
> in general not
> >  > readable by a normal user. My layman response would be 
> that you would
> >  > need a setuid program to get the data which causes its 
> own issues.
> >  >
> >  > > Patti Clark
> >  > > Sr. Unix System Administrator - RHCT, GSEC
> >  > > Office of Scientific and Technical Information
> >  > >
> >  > >
> >  > > --
> >  > >  nahant-list mailing list
> >  > >  nahant-list redhat com
> >  > >  https://www.redhat.com/mailman/listinfo/nahant-list
> >  > >
> >  > >
> >  >
> >  >
> >  >
> >  > --
> >  > Stephen J Smoogen. -- CSIRT/Linux System Administrator
> >  > How far that little candle throws his beams! So shines a 
> good deed
> >  > in a naughty world. = Shakespeare. "The Merchant of Venice"
> >  >
> >  > --
> >  > nahant-list mailing list
> >  > nahant-list redhat com
> >  > https://www.redhat.com/mailman/listinfo/nahant-list
> >  >
> >
> >  --
> >  nahant-list mailing list
> >  nahant-list redhat com
> >  https://www.redhat.com/mailman/listinfo/nahant-list
> >
> 
> --
> nahant-list mailing list
> nahant-list redhat com
> https://www.redhat.com/mailman/listinfo/nahant-list
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]