pam_tally2 and tallylog

Phil Beckley phil.beckley at gmail.com
Sun Jan 24 16:07:38 UTC 2016


Maybe a little background would help here. I'm working on a log watcher (of
sorts) for failed SSH logins, only, I'm looking at registered users
exclusively. Auth.log seems too cumbersome to watch and extract out
registered users if a distributed attack occurs. So, I wanted to use
tallylog to see how many failed attempts have occurred for registered users
and use a script from there to take action. What do you think?
On Jan 23, 2016 6:22 PM, "Paul Whitney" <paul.whitney at mac.com> wrote:

> Re #1. Maybe what you are looking for is to parse output of command
> 'lastb'.
>
> Re #2. There is lots of Google references to PAM.
>
> Paul Whitney
> email: paul.whitney at mac.com
> cell: 410.493.9448
>
> Sent from my iPhone
>
> > On Jan 23, 2016, at 16:18, Phil Beckley <phil.beckley at gmail.com> wrote:
> >
> > Hi all,
> >
> > I've been looking for documentation and in forums, but I'm not having
> any luck getting more information on the items in the subject. I have a
> couple of questions and please let me know if this isn't the right place to
> address these questions.
> >
> > 1. Why is tallylog a binary file? I would love to parse it like a log,
> but that seems like a difficult task.
> > 2. Is there a more in-depth description/explanation of how to modify the
> pam conf files? I was looking at the PAM SA guide, but was unable to make
> sense of a lot of it as I don't have a background in PAM, as a whole.
> >
> > Thanks for your help.
> >
> >
> > P
> > _______________________________________________
> > Pam-list mailing list
> > Pam-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/pam-list
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20160124/83206582/attachment.htm>


More information about the Pam-list mailing list