[arch-general] bad login attempts not written to /var/log/btmp
Hello, maybe I don't understand how the command "lastb" should work, but no matter how many times I try to login inputting a wrong password I still get nothing but this:
$ sudo lastb
btmp begins Fri May 6 23:40:14 2011
cheers
renato
On 27/07/11 07:57, Renato wrote:
Hello, maybe I don't understand how the command "lastb" should work, but no matter how many times I try to login inputting a wrong password I still get nothing but this:
$ sudo lastb
btmp begins Fri May 6 23:40:14 2011
Seems to be working ok here. Does cat /var/log/btmp show anything?
On Wednesday 27 of July 2011 08:13:49 Ross wrote:
On 27/07/11 07:57, Renato wrote:
Hello, maybe I don't understand how the command "lastb" should work, but no matter how many times I try to login inputting a wrong password I still get nothing but this:
$ sudo lastb
btmp begins Fri May 6 23:40:14 2011
Seems to be working ok here. Does cat /var/log/btmp show anything?
not working here either. i686, [testing], the log file is empty
-- Marek Otahal :o)
On 26/07/11, Marek Otahal wrote:
| not working here either. i686, [testing], the log file is empty
I don't use [testing] - does it use a different version of shadow?
Maybe try setting this in /etc/login.defs:
FTMP_FILE /var/log/btmp
-- Simon Perry (aka Pezz)
On Wed, 27 Jul 2011 08:13:49 +1200 Ross <rosscoad@slingshot.co.nz> wrote:
On 27/07/11 07:57, Renato wrote:
Hello, maybe I don't understand how the command "lastb" should work, but no matter how many times I try to login inputting a wrong password I still get nothing but this:
$ sudo lastb
btmp begins Fri May 6 23:40:14 2011
Seems to be working ok here. Does cat /var/log/btmp show anything?
nope:
renato@acerarch /var/log $ sudo cat btmp
renato@acerarch /var/log $
permissions seem right though:
renato@acerarch /var/log $ ls -lh btmp
-rw------- 1 root root 0 May 6 23:40 btmp
renato@acerarch /var/log $
On 07/27/2011 09:28 AM, Renato wrote:
On Wed, 27 Jul 2011 08:13:49 +1200 Ross <rosscoad@slingshot.co.nz> wrote:
On 27/07/11 07:57, Renato wrote:
Hello, maybe I don't understand how the command "lastb" should work, but no matter how many times I try to login inputting a wrong password I still get nothing but this:
$ sudo lastb
btmp begins Fri May 6 23:40:14 2011
Seems to be working ok here. Does cat /var/log/btmp show anything?
nope:
renato@acerarch /var/log $ sudo cat btmp
renato@acerarch /var/log $
permissions seem right though:
renato@acerarch /var/log $ ls -lh btmp
-rw------- 1 root root 0 May 6 23:40 btmp
renato@acerarch /var/log $
have you removed syslog-ng from DAEMONS?
-- Ionuț
On Wed, 27 Jul 2011 09:37:56 +0300 Ionut Biru <ibiru@archlinux.org> wrote:
have you removed syslog-ng from DAEMONS?
no, didn't know it conflicted with lastb. However, stopping it doesn't change the situation, bad logins aren't logged to /var/log/btmp. Can I configure syslog-ng to report bad login attempts?
cheers
renato
On 27/07/11, Renato wrote:
| no, didn't know it conflicted with lastb. However, stopping it doesn't
| change the situation, bad logins aren't logged to /var/log/btmp.
|
| Can I configure syslog-ng to report bad login attempts?
Dude, it's not syslog-ng. Read the man pages, for example "man lastb" says:
NOTES
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
These are also clues (in the same man page):
SEE ALSO
shutdown(8), login(1), init(8)
-- Simon Perry (aka Pezz)
On Wed, 27 Jul 2011 21:52:24 +1000 Simon Perry <arch@sanxion.net> wrote:
On 27/07/11, Renato wrote:
| no, didn't know it conflicted with lastb. However, stopping it doesn't
| change the situation, bad logins aren't logged to /var/log/btmp.
|
| Can I configure syslog-ng to report bad login attempts?
Dude, it's not syslog-ng.
Read the man pages, for example "man lastb" says:
NOTES
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
These are also clues (in the same man page):
SEE ALSO
shutdown(8), login(1), init(8)
sorry, I think I don't understand what you're saying, maybe my English isn't very good. the files /var/log/wtmp and /var/log/btmp are indeed present in my system
cheers
renato
On 27/07/11, Renato wrote:
| sorry, I think I don't understand what you're saying, maybe my English
| isn't very good. the files /var/log/wtmp and /var/log/btmp are indeed
| present in my system
Make sure:
- Your files are 600 and are owned by root:root
- You run 'lastb' with sudo or as root
- The place where /var/log is mounted is rw by root
- agetty is running as root
- sshd is running as root
That's all I have to offer. If these things are ok, you should be ok.
-- Simon Perry (aka Pezz)
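The checklist in the message above, written out as an added shell example (not part of the original thread and not code from any poster). The function names `check_btmp` and `missing_root_writers` and the `RUN_AUDIT` switch are hypothetical, and `stat -c` is assumed to be available (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example, not from the thread. check_btmp and missing_root_writers are
# hypothetical helper names; assumes stat(1) supports -c (GNU coreutils/busybox).

# check_btmp FILE [UID:GID] -> prints findings, returns 0 only if all checks pass.
check_btmp() {
    f=$1; want=${2:-0:0}; rc=0
    if [ ! -f "$f" ]; then
        # lastb(1) NOTES: records are only written if the file already exists.
        echo "FAIL $f: missing"
        return 1
    fi
    mode=$(stat -c %a "$f")
    owner=$(stat -c %u:%g "$f")
    [ "$mode" = 600 ] || { echo "FAIL $f: mode $mode, expected 600"; rc=1; }
    [ "$owner" = "$want" ] || { echo "FAIL $f: owner $owner, expected $want"; rc=1; }
    # access(2) W_OK also fails on a read-only mount, so this covers "mounted rw".
    [ -w "$f" ] || { echo "FAIL $f: not writable by uid $(id -u)"; rc=1; }
    # Size 0 (as in the ls -lh output in the thread): no records in the file.
    [ -s "$f" ] || echo "NOTE $f: empty, no failed-login records in the file"
    return $rc
}

# Reads "USER COMMAND" lines (format of: ps -e -o user= -o comm=) on stdin and
# reports each of agetty/sshd that has no root-owned instance.
missing_root_writers() {
    awk '
        $1 == "root" && ($2 == "agetty" || $2 == "sshd") { ok[$2] = 1 }
        END {
            n = split("agetty sshd", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in ok)) {
                    print "FAIL no root-owned " want[i] " process found"
                    bad = 1
                }
            exit bad + 0
        }'
}

# Run the audit only when asked (RUN_AUDIT is a hypothetical switch); run as root.
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    check_btmp /var/log/btmp
    ps -e -o user= -o comm= | missing_root_writers
fi
```

If every check passes and the file is still empty, the permissions and process ownership on the list are ruled out as the cause.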
On Wed, Jul 27, 2011 at 9:29 AM, Renato <rennabh@gmail.com> wrote:
On Wed, 27 Jul 2011 21:52:24 +1000 Simon Perry <arch@sanxion.net> wrote:
On 27/07/11, Renato wrote:
| no, didn't know it conflicted with lastb. However, stopping it doesn't
| change the situation, bad logins aren't logged to /var/log/btmp.
|
| Can I configure syslog-ng to report bad login attempts?
Dude, it's not syslog-ng.
Read the man pages, for example "man lastb" says:
NOTES
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
These are also clues (in the same man page):
SEE ALSO
shutdown(8), login(1), init(8)
sorry, I think I don't understand what you're saying, maybe my English isn't very good. the files /var/log/wtmp and /var/log/btmp are indeed present in my system
cheers renato
Has your syslog-ng.conf file been updated to use lastb?
-- Jason
participants (6): Ionut Biru, Jason Reardon, Marek Otahal, Renato, Ross, Simon Perry