Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is there a setting that will make a log entry that shows the PASSWORD_STRING used when the login fails?
I realize that this will often catch a simple typo, but I'm thinking that I can automatically watch the log and throw an alarm if that happens too often.
My few users do a pretty good job of using strong passwords. My guests not so much. Some guest users are teen boys (I have grand sons) and so I'm wanting to know that someone is pecking around -- not just "failed login" but which PASSWORD_STRING were they pecking with.
Passwords are hashed. If plain text is available, that would render the hashing useless. So, you are unlikely to be able to get the plain text, unless you can hack into the kernel memory.
There's nothing to stop you creating accounts using passwords you prefer and assign them to users.
I'd imagine script kiddies usually peck around with a common hacking-dictionary set of words.
breach of privacy, i'd say.
you should not know your users' passwords.
why not simply log the amount of login attempts?
if it's more than a few times per minute, more than a dozen times per hour, etc. it's VERY likely to be a cracking attempt.
even then you don't have to ban the IP compltely, just start with a penalty of 1 hour or so.
software exists that does that for you (fail2ban?).
As said it would be a breach of the data protection laws at least, and certainly immoral.
You cannot even excuse yourself by saying you might need access to their data in an emergency, since there are far better way around that.
Whenever I had to work on people's machines, I always either asked them to remove passwords temporarily or change it to something not connected with their usual one. I always insisted on them changing the passwords as soon as they were happy with the work done.
This has two side affects.
They tend to trust you more since they know full well that you will likely have to have access to their data to protect it from any hardware errors - back up for instance.
It forces them to change the password when they get it back and therefore tends to protect you from any future data losses.
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
Rep:
I don't understand. Your grandkids are sometimes guest users on your system, and they try to guess passwords to other accounts? And you want to know which words they are using to guess at the correct password?
I could simply force a fresh, known, easy-to-type string. They gripe that they like what they are using blah blah blah. As an example, their password is AbcdEfgh31415. Their problem is that they forget the capital-E
in the middle of things. I was hoping to log what they actually typed so that I could see, Abcdefgh31415 on the failed attempt(s).
As this machine is home-office internal, and the users are family, I was focused on helpful.
Thanks to all for the privacy reminders.
Even when the Authorities get permission to break into machines, they NEVER NEVER get the user's password without being given it.
If it is possible (remember the Apple case) to break in, it is only possible to remove the password necessity, or to overwrite it with a known one. That way the user will know it has been hacked.
Passwords are "one time" encrypted and cannot be decrypted (well except by trying every single possibility).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.