Maybe a little background would help here. I'm working on a log watcher (of sorts) for failed SSH logins, only, I'm looking at registered users exclusively. Auth.log seems too cumbersome to watch and extract out registered users if a distributed attack occurs. So, I wanted to use tallylog to see how many failed attempts have occurred for registered users and use a script from there to take action. What do you think?
Re #1. Maybe what you are looking for is to parse output of command 'lastb'.
Re #2. There is lots of Google references to PAM.
Sent from my iPhone
> On Jan 23, 2016, at 16:18, Phil Beckley <phil.beckley@xxxxxxxxx> wrote:
> Hi all,
> I've been looking for documentation and in forums, but I'm not having any luck getting more information on the items in the subject. I have a couple of questions and please let me know if this isn't the right place to address these questions.
> 1. Why is tallylog a binary file? I would love to parse it like a log, but that seems like a difficult task.
> 2. Is there a more in-depth description/explanation of how to modify the pam conf files? I was looking at the PAM SA guide, but was unable to make sense of a lot of it as I don't have a background in PAM, as a whole.
> Thanks for your help.
> Pam-list mailing list
Pam-list mailing list
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list