Re: pam_tally2 and tallylog

On Sun, Jan 24, Phil Beckley wrote:

> Thanks for your response, Thorsten. Can you explain the rationale behind
> why tallylog is a binary file?

As I wrote: it is a database, not a log file. pam_tally2 stores
there the configuration for each user and the number of failed
logins.
If you have ever tried to implement a database as an ASCII file, you can
answer for yourself why it is a binary file.

  Thorsten

> On Jan 24, 2016 1:18 PM, "Thorsten Kukuk" <kukuk@xxxxxxx> wrote:
> 
> > On Sun, Jan 24, Phil Beckley wrote:
> >
> > > Maybe a little background would help here. I'm working on a log watcher
> > > (of sorts) for failed SSH logins, only, I'm looking at registered users
> > > exclusively. Auth.log seems too cumbersome to watch and extract out
> > > registered users if a distributed attack occurs. So, I wanted to use
> > > tallylog to see how many failed attempts have occurred for registered
> > > users and use a script from there to take action. What do you think?
> >
> > pam_tally2 does not write a log file, this is more or less a database.
> > If pam_tally2 takes any actions, it logs it via syslog, too. But writing
> > the database as ascii doesn't make any sense and does not help you.
> > Either you let pam_tally2 lock the account if too many failed logins
> > appear, or pam_tally2 is the wrong module for you.
> >
> > Thorsten
> >
> > > On Jan 23, 2016 6:22 PM, "Paul Whitney" <paul.whitney@xxxxxxx> wrote:
> > >
> > > > Re #1. Maybe what you are looking for is to parse output of command
> > > > 'lastb'.
> > > >
> > > > Re #2. There are lots of Google references to PAM.
> > > >
> > > > Paul Whitney
> > > > email: paul.whitney@xxxxxxx
> > > > cell: 410.493.9448
> > > >
> > > > Sent from my iPhone
> > > >
> > > > > On Jan 23, 2016, at 16:18, Phil Beckley <phil.beckley@xxxxxxxxx> wrote:
> > > > >
> > > > > Hi all,
> > > > >
> > > > > I've been looking for documentation and in forums, but I'm not having
> > > > > any luck getting more information on the items in the subject. I have a
> > > > > couple of questions and please let me know if this isn't the right
> > > > > place to address these questions.
> > > > >
> > > > > 1. Why is tallylog a binary file? I would love to parse it like a
> > > > > log, but that seems like a difficult task.
> > > > > 2. Is there a more in-depth description/explanation of how to modify
> > > > > the pam conf files? I was looking at the PAM SA guide, but was unable
> > > > > to make sense of a lot of it as I don't have a background in PAM, as a
> > > > > whole.
> > > > >
> > > > > Thanks for your help.
> > > > >
> > > > >
> > > > > P
> > > > > _______________________________________________
> > > > > Pam-list mailing list
> > > > > Pam-list@xxxxxxxxxx
> > > > > https://www.redhat.com/mailman/listinfo/pam-list
> > > >
> >
> >
> > --
> > Thorsten Kukuk, Senior Architect SLES & Common Code Base
> > SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
> > GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
> >
> >


-- 
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
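
Reading the per-user failure counters straight out of the binary file, as an added example that is not part of the original thread or of Linux-PAM. It assumes the 64-byte `struct tallylog` record layout from Linux-PAM's `tallylog.h`, one record per UID; the function names, user names and sample records are constructed for illustration.

```python
import os
import struct
import tempfile

# Assumed layout (struct tallylog in Linux-PAM's tallylog.h), host byte order:
#   char fail_line[52]; uint16_t reserved; uint16_t fail_cnt; uint64_t fail_time;
# The record for a user is stored at offset uid * 64.
RECORD = struct.Struct("=52sHHQ")


def read_tallies(path, uid_to_name):
    """Return {name: (fail_cnt, fail_time, source)} for users with failures."""
    result = {}
    with open(path, "rb") as fh:
        for uid, name in uid_to_name.items():
            fh.seek(uid * RECORD.size)
            raw = fh.read(RECORD.size)
            if len(raw) < RECORD.size:
                continue  # file ends before this UID: no record was ever written
            fail_line, _reserved, fail_cnt, fail_time = RECORD.unpack(raw)
            if fail_cnt:
                source = fail_line.split(b"\0", 1)[0].decode("ascii", "replace")
                result[name] = (fail_cnt, fail_time, source)
    return result


def over_threshold(tallies, limit):
    """Names whose failure count has reached the limit, for the watcher to act on."""
    return sorted(n for n, (cnt, _, _) in tallies.items() if cnt >= limit)


def build_sample(path):
    """Write a constructed tallylog holding records for UIDs 1000 and 1002."""
    sample = [(1000, b"203.0.113.7", 6, 1453660000), (1002, b"ssh", 1, 1453660100)]
    with open(path, "wb") as fh:
        for uid, source, cnt, when in sample:
            fh.seek(uid * RECORD.size)  # gaps between records read back as zeros
            fh.write(RECORD.pack(source, 0, cnt, when))


if __name__ == "__main__":
    # On a real host the mapping would come from pwd.getpwall() and the path
    # would be pam_tally2's file (default /var/log/tallylog, readable by root).
    users = {1000: "alice", 1001: "bob", 1002: "carol", 1003: "dave"}  # constructed
    with tempfile.TemporaryDirectory() as d:
        sample_path = os.path.join(d, "tallylog")
        build_sample(sample_path)
        tallies = read_tallies(sample_path, users)
        print(tallies, over_threshold(tallies, 5))
```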




