run command/program after failed login attempts
Hi, I'm running ubuntu 11.04 and I am trying to make it so that after 4 failed login attempts, it runs a program. How would I go about doing this? Any help would be greatly appreciated.
|
Failed logins are being logged in '/var/log/faillog'. You can use the command 'faillog' to print the failed logins on you screen. So you can create a script that uses this output to check if the amount of failed logins exceeds '4' and runs a command if necessary.
I hope this gets you started. |
Thank you for your reply. It was very informative. Is there any way I can make it run a program/script in the login window; ie after 4 unsuccsesful attempts it sends email even if no one succsesfuly logs in? It seems like to do this the script to check failed logins would have to be running in the background during login.
|
In addition, how would I view the faillog file? ie what type of file is it?
EDIT: I figured out how to open the faillog in terminal, but how would I go about making a bash script that reads the faillog on each login attempt in the login screen, and then does some command? |
Quote:
Code:
if [ `faillog | awk '/username/ {print $2}'` -ge 4 ]; then executecommand; fi |
I know... this is more of a fun side project than anything else, because my sister has a habit of trying to guess my password;)
|
I think the failed attempts are also recorded in /var/log/messages. In syslog-ng one can filter these messages and send them to a named pipe:
Code:
destination process { pipe("/tmp/tester" perm(0644)); }; Code:
$ while read LINE; do echo "Got: $LINE"; done < /tmp/tester |
got it! If I change the pam common-auth file, I can make it so on every failed login attempt it runs a bash script.
|
All times are GMT -5. The time now is 08:58 PM. |