LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-14-2009, 08:35 AM   #1
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Rep: Reputation: 15
Smile Account Lockout Recorded in System Logs?


Very new to Linux.

I'm using RHEL 2.4 and could not find any record of accounts that were locked out due to unsuccessful logins other than in it was documented in the the /var/log/faillog.

By default, does the Linux System Log record account lockouts and in which System Log, Audit, Message or Security? What trigger words should I look for, example account locked?

The accounts do reflect in the faillog and the System Logs show authentication failures but I was just wondering if it was documented somewhere other than the faillog.

A million thanks
John
 
Old 10-14-2009, 08:25 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,348

Rep: Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749
According to this http://www.redhat.com/security/updates/errata/ there's no such thing as RHEL 2.4; sounds like the kernel version, not the release.
Please show

uname -a

cat /etc/redhat-release
 
Old 10-19-2009, 10:22 AM   #3
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Smile Reponse to typing commands

After I type:

uname -a

The return is:
Linux localhost.localdomain 2.6.9-67/0.15.Elsmp #1 SMP Tue Apr 22 13:58 EDT2

After I type:
cat /etc/redhat-release

The return is:
Red Hat Enterprise Linux WS Release 4 (Nahant)

Thanks
John
 
Old 10-19-2009, 11:44 AM   #4
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Smile pam_tally

Should myfoucus be on pam_tally and modify the /etc/pam.d/login file:

auth required pam_tally.so file=/path/to/counter

Write now my /etc/pam.d/sys-auth file, below:

auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root

account required /lib/security/$ISA/pam_tally.so per_user deny=5 no_magic_root

Locks the account out and writes to the faillog file but I was wondering if I could specify an additional location where account lockouts or counters could be recorded?


A millions thanks
John
 
Old 10-19-2009, 12:41 PM   #5
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
RHEL4.0 then.

It should by default also log to /var/log/messages or /var/log/secure. You can edit /etc/syslog.conf to send auth messages to another place as well if you wish.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Account lockout with PAM thllgo Linux - Security 1 04-22-2009 02:54 PM
account lockout threshold pasupuleti Programming 3 10-03-2006 12:11 AM
Account lockout threshold moinpasha Linux - Security 10 09-28-2006 07:27 AM
Logging account lockout sbrewer Linux - Security 1 10-22-2005 03:48 PM
Automatic Account lockout jimrt Linux - Security 3 03-26-2003 08:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration