1 |
On 06/11/2014 01:56 AM, Florian HEGRON wrote: |
2 |
>> Is there a way to display that 'failed logins' message without using |
3 |
>> gdm/kdm/xdm? |
4 |
> |
5 |
> Hello, |
6 |
> |
7 |
> See that : http://linux.die.net/man/8/faillog |
8 |
> |
9 |
> I am not on my Gentoo machine so I don't know if the faillog file is really present. |
10 |
|
11 |
Very good clue, thanks. After several hours of poking around in /etc |
12 |
I know a lot more and understand less :) |
13 |
|
14 |
I enabled a few settings in /etc/login.defs that *should* have worked |
15 |
(according to the man pages) but had no effect at all. |
16 |
|
17 |
I found some appropriate failed login messages in /var/log/auth.log, |
18 |
as specified by this line in /etc/syslog.conf: |
19 |
|
20 |
#grep -r auth.log /etc |
21 |
syslog.conf:auth,authpriv.* /var/log/auth.log |
22 |
|
23 |
I should confess that I'm running systemd instead of openrc and I'm |
24 |
using my own hacked config files in /etc/systemd/ to run syslogd: |
25 |
|
26 |
#cat /etc/systemd/system/sklogd.service |
27 |
[Unit] |
28 |
Description=The syslogd half of sysklogd |
29 |
|
30 |
[Service] |
31 |
Type=forking |
32 |
EnvironmentFile=/etc/init.d/sysklogd |
33 |
ExecStart=/usr/sbin/syslogd -m 0 |
34 |
|
35 |
[Install] |
36 |
WantedBy=multi-user.target |
37 |
|
38 |
|
39 |
Maybe failed logins should be logged by journalctl now instead of |
40 |
sys-apps/shadow? I see entries from systemd-logind about successful |
41 |
logins but nothing about failed logins. (I've deliberately caused |
42 |
many failed logins just for the purpose of spamming the system logs.) |
43 |
|
44 |
Any additional clues would be much appreciated, thanks. |