I don't find using pam_tally or pam_tally2 useful. As noted, the unsuccessful login attempt counts are cleared once a user successfully logs onto a system. I'm not trying to run reports; I am trying to inform the user at login whether there have been failed attempts and how many of them. Now, if there is a way of extracting that information prior to the clearing of the counts, I'm interested. Patti > -----Original Message----- > From: nahant-list-bounces@xxxxxxxxxx > [mailto:nahant-list-bounces@xxxxxxxxxx] On Behalf Of Alastair Neil > Sent: Tuesday, March 25, 2008 6:08 PM > To: Red Hat Enterprise Linux 4 (Nahant) Discussion List > Cc: Pluggable Authentication Modules > Subject: Re: Notification of number of unsuccessful login attempts > > you might want to look at pam_tally2 it comes with a script for doing > just what you requested. I do not know if RHEL 4 come with it or not > but it is certainly in CentOS 5 > > On Tue, Mar 25, 2008 at 4:23 PM, Clark, Patti <clarkp@xxxxxxxx> wrote: > > Thank you for the info John. I was afraid of that since > nothing came > > from my research. There seems to be a few ways of collecting and > > reporting via sysadmin type utilities and/or custom > scripts, but nothing > > via an options setting. <sigh> I have security > requirements that want > > to display to a user the number of failed login attempts for their > > account in order to provide another avenue for flagging > anomalies. Of > > course we monitor the logs, but this comes under the > defense-in-depth > > column. Sometimes I go toe to toe with a Sun admin who > likes to point > > out how mature and secure Solaris is comparitively > speaking. Every now > > and then I can pull a rabbit out of the (Red) Hat. > > > > Patti > > > > > > > -----Original Message----- > > > From: nahant-list-bounces@xxxxxxxxxx > > > [mailto:nahant-list-bounces@xxxxxxxxxx] On Behalf Of Stephen > > > John Smoogen > > > Sent: Tuesday, March 25, 2008 4:02 PM > > > To: Red Hat Enterprise Linux 4 (Nahant) Discussion List > > > Subject: Re: Notification of number of unsuccessful > login attempts > > > > > > On Tue, Mar 25, 2008 at 1:30 PM, Clark, Patti > <clarkp@xxxxxxxx> wrote: > > > > > > > > > > > > > > > > While login offers up the last login notice, is there a way > > > to also provide > > > > the number of unsuccessful (failed) login attempts for a > > > user account? I > > > > have pam_tally tracking these and didn't find any options > > > to display that > > > > information to a user. > > > > > > > > > > Hi Patti. All the files that log that (faillog) etc are > in general not > > > readable by a normal user. My layman response would be > that you would > > > need a setuid program to get the data which causes its > own issues. > > > > > > > Patti Clark > > > > Sr. Unix System Administrator - RHCT, GSEC > > > > Office of Scientific and Technical Information > > > > > > > > > > > > -- > > > > nahant-list mailing list > > > > nahant-list@xxxxxxxxxx > > > > https://www.redhat.com/mailman/listinfo/nahant-list > > > > > > > > > > > > > > > > > > > > -- > > > Stephen J Smoogen. -- CSIRT/Linux System Administrator > > > How far that little candle throws his beams! So shines a > good deed > > > in a naughty world. = Shakespeare. "The Merchant of Venice" > > > > > > -- > > > nahant-list mailing list > > > nahant-list@xxxxxxxxxx > > > https://www.redhat.com/mailman/listinfo/nahant-list > > > > > > > -- > > nahant-list mailing list > > nahant-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/nahant-list > > > > -- > nahant-list mailing list > nahant-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/nahant-list > _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
