LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-24-2011, 05:37 PM   #1
xwjitftu
Member
 
Registered: Aug 2011
Distribution: Ubuntu
Posts: 51

Rep: Reputation: 1
run command/program after failed login attempts


Hi, I'm running ubuntu 11.04 and I am trying to make it so that after 4 failed login attempts, it runs a program. How would I go about doing this? Any help would be greatly appreciated.
 
Old 08-25-2011, 08:16 AM   #2
roels
LQ Newbie
 
Registered: Jan 2009
Distribution: Debian & Archlinux
Posts: 2

Rep: Reputation: 0
Failed logins are being logged in '/var/log/faillog'. You can use the command 'faillog' to print the failed logins on you screen. So you can create a script that uses this output to check if the amount of failed logins exceeds '4' and runs a command if necessary.
I hope this gets you started.

Last edited by roels; 08-25-2011 at 08:24 AM.
 
Old 08-25-2011, 12:55 PM   #3
xwjitftu
Member
 
Registered: Aug 2011
Distribution: Ubuntu
Posts: 51

Original Poster
Rep: Reputation: 1
Thank you for your reply. It was very informative. Is there any way I can make it run a program/script in the login window; ie after 4 unsuccsesful attempts it sends email even if no one succsesfuly logs in? It seems like to do this the script to check failed logins would have to be running in the background during login.

Last edited by xwjitftu; 08-25-2011 at 12:56 PM. Reason: Extra thought
 
Old 08-25-2011, 12:59 PM   #4
xwjitftu
Member
 
Registered: Aug 2011
Distribution: Ubuntu
Posts: 51

Original Poster
Rep: Reputation: 1
In addition, how would I view the faillog file? ie what type of file is it?
EDIT: I figured out how to open the faillog in terminal, but how would I go about making a bash script that reads the faillog on each login attempt in the login screen, and then does some command?

Last edited by xwjitftu; 08-25-2011 at 01:03 PM. Reason: figured out how to open faillog file
 
Old 08-25-2011, 01:52 PM   #5
roels
LQ Newbie
 
Registered: Jan 2009
Distribution: Debian & Archlinux
Posts: 2

Rep: Reputation: 0
Quote:
Originally Posted by xwjitftu View Post
I figured out how to open the faillog in terminal, but how would I go about making a bash script that reads the faillog on each login attempt in the login screen, and then does some command?
I don't know if that is possible. I would suggest to use cron to run something like this every hour or so:
Code:
if [ `faillog | awk '/username/ {print $2}'` -ge 4 ]; then executecommand; fi
However you should realize that an attacker with physical access will probably gain root access via 'single user mode'.
 
Old 08-25-2011, 07:04 PM   #6
xwjitftu
Member
 
Registered: Aug 2011
Distribution: Ubuntu
Posts: 51

Original Poster
Rep: Reputation: 1
I know... this is more of a fun side project than anything else, because my sister has a habit of trying to guess my password
 
Old 08-26-2011, 09:05 AM   #7
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 11.4
Posts: 1,319

Rep: Reputation: 252Reputation: 252Reputation: 252
I think the failed attempts are also recorded in /var/log/messages. In syslog-ng one can filter these messages and send them to a named pipe:
Code:
destination process { pipe("/tmp/tester" perm(0644)); };
log { source(src); filter(foobar); destination(process); };
At the other end you have an endless running process where you are waiting on something to arrive at the pipe:
Code:
$ while read LINE; do echo "Got: $LINE"; done < /tmp/tester
There you can process anything you like with these messages.
 
Old 08-26-2011, 06:23 PM   #8
xwjitftu
Member
 
Registered: Aug 2011
Distribution: Ubuntu
Posts: 51

Original Poster
Rep: Reputation: 1
got it! If I change the pam common-auth file, I can make it so on every failed login attempt it runs a bash script.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
failed login attempts smilemukul Linux - Newbie 7 12-16-2010 12:46 PM
Account lock after failed login attempts alfonsosg Linux - Security 5 08-03-2010 07:24 AM
Constant failed login attempts... seanferd Linux - Security 8 11-09-2006 08:42 AM
Timeout between failed login attempts wuicci Linux - Security 3 06-01-2006 04:40 AM
Failed SSH login attempts Capt_Caveman Linux - Security 38 01-03-2006 03:22 PM


All times are GMT -5. The time now is 09:05 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration