LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 01-28-2013, 09:26 AM   #1
Ronayn
Member
 
Registered: Jan 2006
Posts: 55

Rep: Reputation: 0
Problem with showing failed login attempts using pam_lastlog.so


Hello,

I have a computer with Fedora 14 installed. By default, it shows the last login when I login. However, I want it to also show any failed login attempts.

I've researched PAM on how to do this, and have implemented the solution provided by the man page (and confirmed by several web pages). The problem is, this solution causes the last login line to appear twice -- and with two different times!

When reading the man page, it mentions that some modules will show the last login by default (hence you dont need pam_lastlog if the only thing you want is to show the last login), but I want the last login AND the failed login attempts (with no repeating lines).

Any help would be appreciated!
 
Old 01-28-2013, 05:14 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643
I ran into the same problem a while back .. try this:
Code:
cat <<EOF >> /etc/ssh/sshd_config
# Disabled here, added to /etc/pam.d/sshd to show failed logins
PrintLastLog no
EOF

grep -e '^UsePAM.*' /etc/ssh/sshd_config >/dev/null 2>&1
if [[ $? -ne 0 ]]
then
cat << EOF >> /etc/ssh/sshd_config
UsePAM yes
EOF
else
perl -pi -e 's/^UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config
fi

cat <<EOF >> /etc/pam.d/login
session     required      pam_lastlog.so noupdate showfailed
EOF

cat <<EOF >> /etc/pam.d/sshd
session     required      pam_lastlog.so noupdate showfailed
EOF
You may want to make the changes manually, these were specifically for RHEL in a known state and don't have enough defensive coding around them.

BTW .. you really should use a newer version of Fedora.. 14 is no longer supported

Last edited by kbp; 01-28-2013 at 05:15 PM.
 
1 members found this post helpful.
Old 01-29-2013, 08:04 AM   #3
Ronayn
Member
 
Registered: Jan 2006
Posts: 55

Original Poster
Rep: Reputation: 0
Hello kbp,

Thanks for the input. I applied those changes, but the problem still remains. The only difference is now the second last login line has the same time as the first.

BTW, I am testing changes like this in a console window on the actual machine so I can log in w/o going through GDM or SSH. I've tried using similar session lines in different parts of /etc/pam.d/login, but it makes no difference.

Some PAM module is printing out that last login w/o being asked to -- I just dont know which it is, or if I can even turn it off.
 
Old 01-29-2013, 07:35 PM   #4
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643
Did you restart sshd?
 
Old 01-30-2013, 05:55 AM   #5
Ronayn
Member
 
Registered: Jan 2006
Posts: 55

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by kbp View Post
Did you restart sshd?
Hello kbp,

Thanks again for your input. In answer to question: Yes Fortunately, I've had to work on SSH before, so I am very familiar with the need to restart the service after any change.

I am curious about one thing -- what would SSH have to do with a normal login at the console? I mean, I know I'd have to change it there too, for remote secure logins. But right now I'd settle for getting the console login looking right. Can I ignore SSH for now? (Or is there some relationship between a normal login at the console and SSH?)
 
Old 01-30-2013, 04:59 PM   #6
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643
No .. you're correct, there is no relationship between them, have you tried adding the pam_lastlog line to /etc/pam.d/system-auth ?
 
  


Reply

Tags
pam


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Showing passwords for failed login attempts Weinie Linux - Security 4 08-09-2011 12:03 PM
failed login attempts smilemukul Linux - Newbie 7 12-16-2010 12:46 PM
Constant failed login attempts... seanferd Linux - Security 8 11-09-2006 08:42 AM
Timeout between failed login attempts wuicci Linux - Security 3 06-01-2006 04:40 AM
Failed SSH login attempts Capt_Caveman Linux - Security 38 01-03-2006 03:22 PM


All times are GMT -5. The time now is 12:15 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration