On Wed, 15.06.2005 at 14:57, Ted Beaton wrote:

> I'm trying to log bad login attempts. They are supposed to be logged to
> /var/log/btmp according to the man page on the "lastb" command. I
> touched the /var/log/btmp file to create it and when I run the lastb
> command it reads the file but none of the "bad login attempts" get
> logged to the file. Anyone know how to turn this logging on? I have
> tested faillog and that works if someone uses a real username to try and
> login and fails but does not record failed login attempts with a bogus
> username (i.e. someone guessing usernames). Any ideas?
>
> All information contained in this email is confidential and may be used by the intended recipient only.

Am I allowed to answer in public? Was I even allowed to read your message?

Anyway, how do you test "lastb"? Bad login attempts on the console are properly logged for me:

$ lastb
barfoo tty1 Wed Jun 15 17:53 - 17:53 (00:00)
foobar tty1 Wed Jun 15 17:53 - 17:53 (00:00)

And failed SSH logins with a fake username are logged to syslog's messages file:

Jun 15 17:56:47 blacky sshd(pam_unix)[8038]: check pass; user unknown
Jun 15 17:56:47 blacky pam_tally[8038]: pam_tally: pam_get_uid; no such user NOUSER
Jun 15 17:56:49 blacky sshd(pam_unix)[8038]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=<hostname of user>

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp
Serendipity 17:53:26 up 22 days, 16:31, load average: 0.28, 0.31, 0.27
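The syslog lines quoted in the reply share one sshd PID, so they can be correlated to count failed attempts against nonexistent usernames per source host. The Python below is an added example, not part of the original message; the sample log lines, host names and the function name are constructed for illustration, and it assumes one username per sshd PID.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the syslog lines quoted in the reply
# (host names, PIDs and the user name are made up for this example).
SAMPLE = """\
Jun 15 17:56:47 blacky sshd(pam_unix)[8038]: check pass; user unknown
Jun 15 17:56:47 blacky pam_tally[8038]: pam_tally: pam_get_uid; no such user NOUSER
Jun 15 17:56:49 blacky sshd(pam_unix)[8038]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host-a.example
Jun 15 18:02:10 blacky sshd(pam_unix)[8101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host-b.example user=ted
Jun 15 18:03:31 blacky sshd(pam_unix)[8140]: check pass; user unknown
Jun 15 18:03:31 blacky sshd(pam_unix)[8140]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host-a.example
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ [\w()]+\[(\d+)\]: (.*)$")
MORE = re.compile(r"(\d+) more authentication failures;")
RHOST = re.compile(r"rhost=(\S+)")

def unknown_user_failures(log_text):
    """Return {rhost: {"unknown": n, "known": n}} for failed logins in log_text."""
    # Assumption: a PID identifies one login session within the log excerpt.
    sessions = defaultdict(lambda: {"unknown": False, "fails": 0, "rhost": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        s = sessions[pid]
        if "user unknown" in msg or "no such user" in msg:
            s["unknown"] = True          # pam_unix / pam_tally saw a bogus name
        more = MORE.search(msg)
        if more:
            s["fails"] += int(more.group(1))
        elif "authentication failure;" in msg:
            s["fails"] += 1
        host = RHOST.search(msg)
        if host:
            s["rhost"] = host.group(1)
    report = defaultdict(lambda: {"unknown": 0, "known": 0})
    for s in sessions.values():
        if s["fails"]:
            key = "unknown" if s["unknown"] else "known"
            report[s["rhost"] or "?"][key] += s["fails"]
    return dict(report)

if __name__ == "__main__":
    print(unknown_user_failures(SAMPLE))
```

A source host with a high "unknown" count is guessing usernames, which is the case faillog does not record.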