On Sun, Jan 24, Phil Beckley wrote:

> Thanks for your response, Thorsten. Can you explain the rationale behind
> why tallylog is a binary file?

As I wrote: it is a database, not a log file. pam_tally2 stores there
the configuration for each user and the amount of failed logins.
If you ever tried to implement a database as an ASCII file, you can
answer yourself why it is a binary file.

  Thorsten

> On Jan 24, 2016 1:18 PM, "Thorsten Kukuk" <kukuk@xxxxxxx> wrote:
>
> > On Sun, Jan 24, Phil Beckley wrote:
> >
> > > Maybe a little background would help here. I'm working on a log
> > > watcher (of sorts) for failed SSH logins, only, I'm looking at
> > > registered users exclusively. Auth.log seems too cumbersome to watch
> > > and extract out registered users if a distributed attack occurs. So,
> > > I wanted to use tallylog to see how many failed attempts have
> > > occurred for registered users and use a script from there to take
> > > action. What do you think?
> >
> > pam_tally2 does not write a log file, this is more or less a database.
> > If pam_tally2 takes any actions, it logs it via syslog, too. But writing
> > the database as ASCII doesn't make any sense and does not help you.
> > Either you let pam_tally2 lock the account if too many failed logins
> > appear, or pam_tally2 is the wrong module for you.
> >
> >   Thorsten
> >
> > > On Jan 23, 2016 6:22 PM, "Paul Whitney" <paul.whitney@xxxxxxx> wrote:
> > >
> > > > Re #1. Maybe what you are looking for is to parse output of command
> > > > 'lastb'.
> > > >
> > > > Re #2. There are lots of Google references to PAM.
> > > >
> > > > Paul Whitney
> > > > email: paul.whitney@xxxxxxx
> > > > cell: 410.493.9448
> > > >
> > > > Sent from my iPhone
> > > >
> > > > > On Jan 23, 2016, at 16:18, Phil Beckley <phil.beckley@xxxxxxxxx>
> > > > > wrote:
> > > > >
> > > > > Hi all,
> > > > >
> > > > > I've been looking for documentation and in forums, but I'm not
> > > > > having any luck getting more information on the items in the
> > > > > subject. I have a couple of questions and please let me know if
> > > > > this isn't the right place to address these questions.
> > > > >
> > > > > 1. Why is tallylog a binary file? I would love to parse it like a
> > > > > log, but that seems like a difficult task.
> > > > > 2. Is there a more in-depth description/explanation of how to
> > > > > modify the pam conf files? I was looking at the PAM SA guide, but
> > > > > was unable to make sense of a lot of it as I don't have a
> > > > > background in PAM, as a whole.
> > > > >
> > > > > Thanks for your help.
> > > > >
> > > > > P

--
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
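
Added example, not part of the thread and not Linux-PAM code: a read-only sketch of what "a database, not a log file" means for a watcher script, looking up failure counts for registered users directly by UID. It assumes the 64-byte record layout from Linux-PAM's tallylog.h (52-byte fail_line, 16-bit reserved, 16-bit fail_cnt, 64-bit fail_time); check that layout against the installed version. The user names, UIDs and sample records are constructed.

```python
import io
import struct

# Assumed layout of one tallylog record (Linux-PAM tallylog.h):
#   char fail_line[52]; uint16 reserved; uint16 fail_cnt; uint64 fail_time;
# Records are fixed-size and indexed by UID, so a lookup is a single seek.
RECORD = struct.Struct("=52sHHQ")  # 64 bytes, host byte order


def read_tallies(stream, uid_names):
    """Return {name: (fail_cnt, fail_time, fail_line)} for users with failures."""
    result = {}
    for uid, name in uid_names.items():
        stream.seek(uid * RECORD.size)        # direct lookup, no scanning
        raw = stream.read(RECORD.size)
        if len(raw) < RECORD.size:            # file ends before this UID
            continue
        line, _reserved, count, when = RECORD.unpack(raw)
        if count:
            source = line.split(b"\0", 1)[0].decode("ascii", "replace")
            result[name] = (count, when, source)
    return result


def over_threshold(tallies, limit):
    """Names whose failure count has reached the limit."""
    return sorted(n for n, (count, _, _) in tallies.items() if count >= limit)


def build_sample():
    """Constructed sample data: records for UID 1000 and UID 1002 only."""
    buf = bytearray(RECORD.size * 1003)
    RECORD.pack_into(buf, 1000 * RECORD.size, b"192.0.2.10", 0, 7, 1453660000)
    RECORD.pack_into(buf, 1002 * RECORD.size, b"ssh", 0, 2, 1453660100)
    return bytes(buf)


if __name__ == "__main__":
    # Constructed UID map; a real watcher would build it from pwd.getpwall()
    # and open /var/log/tallylog (the usual default path) read-only.
    names = {1000: "alice", 1001: "bob", 1002: "carol", 5000: "dave"}
    tallies = read_tallies(io.BytesIO(build_sample()), names)
    for user, (count, when, source) in sorted(tallies.items()):
        print(user, count, when, source)
    print("at or above limit:", over_threshold(tallies, 5))
```

The pam_tally2 command itself (for example `pam_tally2 --user NAME`) prints the same counters and is the supported interface; reading the file directly depends on the on-disk format staying as assumed.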