Solved

faillog failure

Posted on 2000-04-05
4
887 Views
Last Modified: 2013-12-16
What is required to make faillog track login failures?

I've tried:
1. In '/etc/login.defs', setting 'FAILLOG_ENAB yes'.
2. creating '/var/log/faillog' and setting a 600 permission on the file.
3. Anything else?

I've tried RedHat, Slackware, Corel, WinLinux 2000.
0
Comment
Question by:mmcmilla
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2688326
I can't say for the others, but RedHat 6.1, "out-of-the-box", logs login failures via syslog to /var/log/messages. I don't see anything in the man page for login that suggests that the login mechanism uses /etc/login.defs or /var/log/faillog, but it does specifically state that login failures will be logged by syslog.
0
 

Author Comment

by:mmcmilla
ID: 2689502
Logins will be logged by /var/log/faillog, true.  But, I'm trying to limit the number of login failures (say, 5 password retries).  First of all, if /var/log/faillog doesn't exist, /usr/bin/faillog will not create the log file.  I create the /var/log/faillog with 0 bytes, run faillog -u <username> -m <max number failures>, faillog will write to /var/log/faillog with the settings I want.  Run faillog -u <username> and it will return the stats on that user (with 0 failures, of course).  Logout, and try to login as that user, but purposefully fail the login a couple of times.  Then, login as root, run faillog -u <username> and it still shows zero failures.  
I have not clue what's wrong.  I have read the man pages for faillog, but nothing seems to work.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2705215
When all else fails, "use the source Luke, use the source"...

I went into the source rpm that provides faillog (shadow-utils-19990827-2.src.rpm) and found that you need to enable use of the faillog facility in /etc/login.defs, like:

#
# Enable logging and display of /var/log/faillog login failure info.
#
FAILLOG_ENAB            yes

Interestingly, there are two section 5 manpages in the source that aren't on my system (login.defs.5 & login.access.5), well they weren't there before I looked at the sources... They are now.
0
 

Accepted Solution

by:
cowerict earned 200 total points
ID: 2724591
I figured out that the you have to use the -p flag. E.g.:
      faillog -p -u <username>

but using
      faillog -p -u <username> -t 1
also would show faillogs of more resent fails.

Source code provides the solution.
0

Featured Post

Interactive Way of Training for the AWS CSA Exam

An interactive way of learning that will help you visualize core concepts so that you can be more effective when taking your AWS certification exam.  Built for students by a student to help them understand the concepts that they are being taught.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question