LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-02-2009, 01:10 PM   #1
Zero187
Member
 
Registered: May 2009
Posts: 32

Rep: Reputation: 15
Failed passwords log


I have been trying to install fail2ban and it says it uses /var/log/pwdfail to view invalid ssh login attempts but I have looked all over and I do not have that file. I do have the TCP wrapper (tcpd) and was wondering how I access/create the pwdfail file?

im using debian
 
Old 06-02-2009, 03:09 PM   #2
Zero187
Member
 
Registered: May 2009
Posts: 32

Original Poster
Rep: Reputation: 15
Or maybe I have to enable it through tcpd somehow? Any help would be great..
Thanks
 
Old 06-02-2009, 03:49 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Is fail2ban actually running? As what user did you fire it off?


Cheers,
Tink
 
Old 06-02-2009, 04:01 PM   #4
Zero187
Member
 
Registered: May 2009
Posts: 32

Original Poster
Rep: Reputation: 15
No I have no installed fail2ban yet as I read that it needs to use the /var/log/pwdfail file which I do not have on my computer. I was wondering what logger creates this file (syslogd, tcpd, or maybe syslog-ng?).

Here is the quote from the fail2ban website:
"Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures."

Thanks
 
Old 06-02-2009, 04:15 PM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
OK, that's a misunderstanding on your side. It doesn't *require*
that file to exist, it's an example. You have to *tell* fail2ban via
its configuration which files you're interested in.



Cheers,
Tink
 
Old 06-02-2009, 04:26 PM   #6
Zero187
Member
 
Registered: May 2009
Posts: 32

Original Poster
Rep: Reputation: 15
No, I understood that. I'm trying to figure out which log file(s) it will use since there is no pwdfail file on my system and no documentation about it on the fail2ban website that I could find.

So my question is, how or where would I find that log file that logs invalid login attempts?
 
Old 06-02-2009, 04:34 PM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
In debian I think failed ssh login attempts go into messages,
but I'm not 100% certain. just grep your whole log dir.

Code:
grep -rl Failed /var/log/*

Cheers,
Tink
 
Old 06-02-2009, 04:36 PM   #8
Zero187
Member
 
Registered: May 2009
Posts: 32

Original Poster
Rep: Reputation: 15
Thank you very much, this is exactly what I needed
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ispconfig's broken! this nut's forgotten passwords...can't log in...no critical data blesbok Fedora 1 07-26-2008 11:09 PM
Problem with changing passwords and log in kevin-isca Grafpup 4 06-24-2007 11:11 AM
sshd attacks - failed passwords x42bn6 Linux - Security 28 10-19-2006 11:15 AM
No passwords for log-in law0min Linux - General 1 03-27-2006 06:20 AM
How to log wrong passwords tyler_durden Linux - Security 3 02-05-2002 06:55 PM


All times are GMT -5. The time now is 05:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration