Solved

faillog failure

Posted on 2000-04-05
4
858 Views
Last Modified: 2013-12-16
What is required to make faillog track login failures?

I've tried:
1. In '/etc/login.defs', setting 'FAILLOG_ENAB yes'.
2. creating '/var/log/faillog' and setting a 600 permission on the file.
3. Anything else?

I've tried RedHat, Slackware, Corel, WinLinux 2000.
0
Comment
Question by:mmcmilla
  • 2
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2688326
I can't say for the others, but RedHat 6.1, "out-of-the-box", logs login failures via syslog to /var/log/messages. I don't see anything in the man page for login that suggests that the login mechanism uses /etc/login.defs or /var/log/faillog, but it does specifically state that login failures will be logged by syslog.
0
 

Author Comment

by:mmcmilla
ID: 2689502
Logins will be logged by /var/log/faillog, true.  But, I'm trying to limit the number of login failures (say, 5 password retries).  First of all, if /var/log/faillog doesn't exist, /usr/bin/faillog will not create the log file.  I create the /var/log/faillog with 0 bytes, run faillog -u <username> -m <max number failures>, faillog will write to /var/log/faillog with the settings I want.  Run faillog -u <username> and it will return the stats on that user (with 0 failures, of course).  Logout, and try to login as that user, but purposefully fail the login a couple of times.  Then, login as root, run faillog -u <username> and it still shows zero failures.  
I have not clue what's wrong.  I have read the man pages for faillog, but nothing seems to work.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2705215
When all else fails, "use the source Luke, use the source"...

I went into the source rpm that provides faillog (shadow-utils-19990827-2.src.rpm) and found that you need to enable use of the faillog facility in /etc/login.defs, like:

#
# Enable logging and display of /var/log/faillog login failure info.
#
FAILLOG_ENAB            yes

Interestingly, there are two section 5 manpages in the source that aren't on my system (login.defs.5 & login.access.5), well they weren't there before I looked at the sources... They are now.
0
 

Accepted Solution

by:
cowerict earned 200 total points
ID: 2724591
I figured out that the you have to use the -p flag. E.g.:
      faillog -p -u <username>

but using
      faillog -p -u <username> -t 1
also would show faillogs of more resent fails.

Source code provides the solution.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now