mmcmilla
asked on
faillog failure
What is required to make faillog track login failures?
I've tried:
1. In '/etc/login.defs', setting 'FAILLOG_ENAB yes'.
2. creating '/var/log/faillog' and setting a 600 permission on the file.
3. Anything else?
I've tried RedHat, Slackware, Corel, WinLinux 2000.
I can't say for the others, but RedHat 6.1, "out-of-the-box", logs login failures via syslog to /var/log/messages. I don't see anything in the man page for login that suggests that the login mechanism uses /etc/login.defs or /var/log/faillog, but it does specifically state that login failures will be logged by syslog.
ASKER
Logins will be logged by /var/log/faillog, true. But, I'm trying to limit the number of login failures (say, 5 password retries). First of all, if /var/log/faillog doesn't exist, /usr/bin/faillog will not create the log file. I create the /var/log/faillog with 0 bytes, run faillog -u <username> -m <max number failures>, faillog will write to /var/log/faillog with the settings I want. Run faillog -u <username> and it will return the stats on that user (with 0 failures, of course). Logout, and try to login as that user, but purposefully fail the login a couple of times. Then, login as root, run faillog -u <username> and it still shows zero failures.
I have no clue what's wrong. I have read the man pages for faillog, but nothing seems to work.
When all else fails, "use the source Luke, use the source"...
I went into the source rpm that provides faillog (shadow-utils-19990827-2.src.rpm) and found that you need to enable use of the faillog facility in /etc/login.defs, like:
#
# Enable logging and display of /var/log/faillog login failure info.
#
FAILLOG_ENAB yes
Interestingly, there are two section 5 manpages in the source that aren't on my system (login.defs.5 & login.access.5), well they weren't there before I looked at the sources... They are now.
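The two preconditions named in this thread (an uncommented FAILLOG_ENAB yes in /etc/login.defs, and an existing /var/log/faillog with mode 600) can be checked in one pass with the script below. It is an added example, not part of any post above; the function name check_faillog_prereqs and its bitmask return value are hypothetical, and passing both checks only confirms these two settings, not that login will record failures.

```shell
#!/bin/sh
# Added example (not from the thread): report the two faillog preconditions
# discussed above. Paths are parameters so the check can run on test copies.
# Return value is a bitmask: 1 = FAILLOG_ENAB is not "yes",
#                            2 = faillog file missing,
#                            4 = faillog file mode is not 600.
check_faillog_prereqs() {
    defs=${1:-/etc/login.defs}
    log=${2:-/var/log/faillog}
    rc=0

    # Comment lines start with '#', so their first field is never the bare key.
    # Taking the last uncommented setting is an assumption of this example.
    enab=$(awk '$1 == "FAILLOG_ENAB" { v = $2 } END { print v }' "$defs" 2>/dev/null)
    if [ "$enab" = "yes" ]; then
        echo "ok:   FAILLOG_ENAB yes in $defs"
    else
        echo "FAIL: FAILLOG_ENAB is '${enab:-unset}' in $defs"
        rc=$((rc | 1))
    fi

    if [ ! -f "$log" ]; then
        echo "FAIL: $log does not exist"
        rc=$((rc | 2))
    # find -perm with a plain octal mode matches only that exact mode
    elif [ -z "$(find "$log" -prune -perm 600)" ]; then
        echo "FAIL: $log exists but its mode is not 600"
        rc=$((rc | 4))
    else
        echo "ok:   $log exists with mode 600"
    fi
    return "$rc"
}
```

Run as root with no arguments, the function checks the live /etc/login.defs and /var/log/faillog.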