Maybe a little background would help here. I'm working on a log watcher (of sorts) for failed SSH logins, only, I'm looking at registered users exclusively. Auth.log seems too cumbersome to watch and extract out registered users if a distributed attack occurs. So, I wanted to use tallylog to see how many failed attempts have occurred for registered users and use a script from there to take action. What do you think?
On Jan 23, 2016 6:22 PM, "Paul Whitney" <paul.whitney@xxxxxxx> wrote:
Re #1. Maybe what you are looking for is to parse the output of the command 'lastb'.
Re #2. There are lots of Google references to PAM.
Paul Whitney
email: paul.whitney@xxxxxxx
cell: 410.493.9448
> On Jan 23, 2016, at 16:18, Phil Beckley <phil.beckley@xxxxxxxxx> wrote:
>
> Hi all,
>
> I've been looking for documentation and in forums, but I'm not having any luck getting more information on the items in the subject. I have a couple of questions and please let me know if this isn't the right place to address these questions.
>
> 1. Why is tallylog a binary file? I would love to parse it like a log, but that seems like a difficult task.
> 2. Is there a more in-depth description/explanation of how to modify the pam conf files? I was looking at the PAM SA guide, but was unable to make sense of a lot of it as I don't have a background in PAM, as a whole.
>
> Thanks for your help.
>
>
> P
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
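An added example, not part of the thread: a reader for the binary tallylog that reports only accounts known to the system. It assumes the pam_tally2 record layout (one fixed 64-byte record per UID, stored at offset UID × 64: a 52-byte source field, a 16-bit reserved field, a 16-bit failure count and a 64-bit last-failure time); the account names, addresses and threshold are constructed.

```python
import struct

# Assumed pam_tally2 record layout (struct tallylog), native byte order:
#   char fail_line[52]; uint16 reserved; uint16 fail_cnt; uint64 fail_time
RECORD = struct.Struct("=52sHHQ")  # 64 bytes; record N belongs to UID N


def parse_tallylog(data):
    """Return {uid: (fail_cnt, fail_time, source)} for UIDs with failures."""
    entries = {}
    usable = len(data) - len(data) % RECORD.size  # ignore a truncated tail
    for offset in range(0, usable, RECORD.size):
        line, _reserved, count, when = RECORD.unpack_from(data, offset)
        if count:
            # fail_line is NUL-padded: keep only the text before the first NUL
            source = line.split(b"\0", 1)[0].decode("ascii", "replace")
            entries[offset // RECORD.size] = (count, when, source)
    return entries


def over_threshold(data, accounts, threshold):
    """accounts maps uid -> login name, e.g. built from pwd.getpwall()."""
    hits = []
    for uid, (count, when, source) in sorted(parse_tallylog(data).items()):
        if uid in accounts and count >= threshold:
            hits.append((accounts[uid], count, when, source))
    return hits


def build_sample():
    """Constructed sample: slots for UIDs 0..1001, two of them with failures."""
    buf = bytearray(RECORD.size * 1002)
    RECORD.pack_into(buf, 0, b"203.0.113.7", 0, 12, 1453591000)
    RECORD.pack_into(buf, 1001 * RECORD.size, b"198.51.100.9", 0, 2, 1453591300)
    return bytes(buf) + b"\x00" * 10  # plus a truncated trailing record


if __name__ == "__main__":
    accounts = {0: "root", 1000: "alice", 1001: "bob"}  # constructed names
    for name, count, when, source in over_threshold(build_sample(), accounts, 5):
        print(f"{name}: {count} failures, last from {source} at {when}")
```

On a live system the bytes would come from reading the tallylog file as root instead of `build_sample()`, and `accounts` from the password database.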