| 1 |
On 06/11/2014 01:56 AM, Florian HEGRON wrote: |
| 2 |
>> Is there a way to display that 'failed logins' message without using |
| 3 |
>> gdm/kdm/xdm? |
| 4 |
> |
| 5 |
> Hello, |
| 6 |
> |
| 7 |
> See that : http://linux.die.net/man/8/faillog |
| 8 |
> |
| 9 |
> I am not on my Gentoo machine so I don't know if the faillog file is really present. |
| 10 |
|
| 11 |
Very good clue, thanks. After several hours of poking around in /etc |
| 12 |
I know a lot more and understand less :) |
| 13 |
|
| 14 |
I enabled a few settings in /etc/login.defs that *should* have worked |
| 15 |
(according to the man pages) but had no effect at all. |
| 16 |
|
| 17 |
I found some appropriate failed login messages in /var/log/auth.log, |
| 18 |
as specified by this line in /etc/syslog.conf: |
| 19 |
|
| 20 |
#grep -r auth.log /etc |
| 21 |
syslog.conf:auth,authpriv.* /var/log/auth.log |
| 22 |
|
| 23 |
I should confess that I'm running systemd instead of openrc and I'm |
| 24 |
using my own hacked config files in /etc/systemd/ to run syslogd: |
| 25 |
|
| 26 |
#cat /etc/systemd/system/sklogd.service |
| 27 |
[Unit] |
| 28 |
Description=The syslogd half of sysklogd |
| 29 |
|
| 30 |
[Service] |
| 31 |
Type=forking |
| 32 |
EnvironmentFile=/etc/init.d/sysklogd |
| 33 |
ExecStart=/usr/sbin/syslogd -m 0 |
| 34 |
|
| 35 |
[Install] |
| 36 |
WantedBy=multi-user.target |
| 37 |
|
| 38 |
|
| 39 |
Maybe failed logins should be logged by journalctl now instead of |
| 40 |
sys-apps/shadow? I see entries from systemd-logind about successful |
| 41 |
logins but nothing about failed logins. (I've deliberately caused |
| 42 |
many failed logins just for the purpose of spamming the system logs.) |
| 43 |
|
| 44 |
Any additional clues would be much appreciated, thanks. |
Archives