Re: Login Statistics Similar to Centos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 09/01/2017 02:11 PM, William Gathoye wrote:
> 
> 
> On 08/30/2017 12:19 AM, Leonid Isaev via arch-general wrote:
>>
>> man 8 pam_lastlog
> For your kind info, calling pam_lastlog.so like described in the man
> pages is segfaulting on my side.
> 
> $ /usr/lib/security/pam_lastlog.so
> Segmentation fault (core dumped)
> 
> I cannot debug further since it hasn't been build with gdb debug
> symbols, but this is likely to this issue. [1]
> 
> 
> [1] https://www.redhat.com/archives/pam-list/2014-August/msg00003.html
> 

You don't execute pam_lastlog.so directly.

[root@centos7test pam.d]# pwd
/etc/pam.d
[root@centos7test pam.d]# cat login
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad]
pam_securetty.so
auth       substack     system-auth
***auth       include      postlogin
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed
in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
***session    include      postlogin
-session   optional     pam_ck_connector.so


(*** prefixed for emphasis. Do not actually put those in a pam config.)

[root@centos7test pam.d]# cat postlogin
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.


session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm*
service !~ su* quiet
***session     [default=1]   pam_lastlog.so nowtmp showfailed
***session     optional      pam_lastlog.so silent noupdate showfailed


(*** prefixed for emphasis. Do not actually put those in a pam config.)



As shown, pam is calling the pam_lastlog.so object (which is why you
can't execute it; it's not an executable, it's a Shared Object).

To do this over SSH, /etc/ssh/sshd_config has UsePam yes (and
PrintLastLog yes is enabled by default)


-- 
brent saner
https://www.square-r00t.net

Attachment: signature.asc
Description: OpenPGP digital signature

[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux