Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

faillog failure

Posted on 2000-04-05
4
Medium Priority
?
914 Views
Last Modified: 2013-12-16
What is required to make faillog track login failures?

I've tried:
1. In '/etc/login.defs', setting 'FAILLOG_ENAB yes'.
2. creating '/var/log/faillog' and setting a 600 permission on the file.
3. Anything else?

I've tried RedHat, Slackware, Corel, WinLinux 2000.
0
Comment
Question by:mmcmilla
  • 2
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2688326
I can't say for the others, but RedHat 6.1, "out-of-the-box", logs login failures via syslog to /var/log/messages. I don't see anything in the man page for login that suggests that the login mechanism uses /etc/login.defs or /var/log/faillog, but it does specifically state that login failures will be logged by syslog.
0
 

Author Comment

by:mmcmilla
ID: 2689502
Logins will be logged by /var/log/faillog, true.  But, I'm trying to limit the number of login failures (say, 5 password retries).  First of all, if /var/log/faillog doesn't exist, /usr/bin/faillog will not create the log file.  I create the /var/log/faillog with 0 bytes, run faillog -u <username> -m <max number failures>, faillog will write to /var/log/faillog with the settings I want.  Run faillog -u <username> and it will return the stats on that user (with 0 failures, of course).  Logout, and try to login as that user, but purposefully fail the login a couple of times.  Then, login as root, run faillog -u <username> and it still shows zero failures.  
I have not clue what's wrong.  I have read the man pages for faillog, but nothing seems to work.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2705215
When all else fails, "use the source Luke, use the source"...

I went into the source rpm that provides faillog (shadow-utils-19990827-2.src.rpm) and found that you need to enable use of the faillog facility in /etc/login.defs, like:

#
# Enable logging and display of /var/log/faillog login failure info.
#
FAILLOG_ENAB            yes

Interestingly, there are two section 5 manpages in the source that aren't on my system (login.defs.5 & login.access.5), well they weren't there before I looked at the sources... They are now.
0
 

Accepted Solution

by:
cowerict earned 400 total points
ID: 2724591
I figured out that the you have to use the -p flag. E.g.:
      faillog -p -u <username>

but using
      faillog -p -u <username> -t 1
also would show faillogs of more resent fails.

Source code provides the solution.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month7 days, 17 hours left to enroll

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question