show last sucessful and faile login after login

CP1 · 10-16-2007, 04:08 PM

I want to display last successful login and last failed attempt after a user login successfully.
I already put pam_lastlog.so in my /etc/pam.d/login but it only shows the last time the user did a login successfully.
Can anyone help?

unSpawn · 10-16-2007, 05:53 PM

What's the real requirement for showing *failed* attempts? That's nfo only the root account user should be interested in to audit system access with. What could a *user* do with that information (except abuse it)?

CP1 · 10-17-2007, 01:02 PM

for example, with the time of the last failed login, the user will know if someone is trying to access with is login.

unSpawn · 10-17-2007, 02:56 PM

I still maintain that's the *admin's* task, but OK... "faillog -u $USERNAME | head -1" should give you the last failed login entry for $USERNAME (if defined). However that does not mean it would be close to the time $USERNAME logs in again (unless you put a grep behind it). I don't know of a PAM module that would give you "pam_faillog" so you could use a script like "pam_script"?