Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: /var/log/faillog

Hybrid View

  1. #1

    Default /var/log/faillog

    Hi, how to view /var/log/faillog in openSUSE11.4

    Code:
    m1140:/ # /var/log/faillog
    -bash: /var/log/faillog: cannot execute binary file
    m1140:/ # l /var/log/faillog
    -rwxrwxrwx 1 root root 320096 Nov  6 20:28 /var/log/faillog*

    Thanks.

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: /var/log/faillog

    On 2012-02-20 23:46, avrely wrote:
    >
    > Hi, how to view /var/log/faillog in openSUSE11.4
    >
    >
    > Code:
    > --------------------
    > m1140:/ # /var/log/faillog
    > -bash: /var/log/faillog: cannot execute binary file
    > m1140:/ # l /var/log/faillog
    > -rwxrwxrwx 1 root root 320096 Nov 6 20:28 /var/log/faillog*
    > --------------------


    Be careful, you might succeed executing a non executable file as root and
    destroy your system - which is not normal, those permissions are not the
    standard. You have done something.

    I think it was done with acct.


    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  3. #3

    Default Re: /var/log/faillog

    Quote Originally Posted by robin_listas View Post
    On 2012-02-20 23:46, avrely wrote:
    >
    > Hi, how to view /var/log/faillog in openSUSE11.4
    >
    >
    > Code:
    > --------------------
    > m1140:/ # /var/log/faillog
    > -bash: /var/log/faillog: cannot execute binary file
    > m1140:/ # l /var/log/faillog
    > -rwxrwxrwx 1 root root 320096 Nov 6 20:28 /var/log/faillog*
    > --------------------


    Be careful, you might succeed executing a non executable file as root and
    destroy your system - which is not normal, those permissions are not the
    standard. You have done something.

    I think it was done with acct.


    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)
    I have changed to 0600

    Code:
    m1140:~ # l /var/log/faillog
    -rw------- 1 root root 320096 Nov  6 20:28 /var/log/faillog
    But how do I use this log? How can i read it?

  4. #4
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: /var/log/faillog

    I think faillog is deprecated (have no authoritative link for that but
    the faillog command which read /var/log/faillog does no longer exist for
    quite a while).
    Have a look at pam_tally2, you need to run it as root ("man pam_tally2"
    tells you more), you probably need to configure your system to write the
    info needed (/var/log/tallylog) by pam_tally2.

    --
    PC: oS 11.4 (dual boot 12.1) 64 bit | Intel Core i7-2600@3.40GHz | KDE
    4.6.0 | GeForce GT 420 | 16GB Ram
    Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.8.0 |
    nVidia ION | 3GB Ram

  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: /var/log/faillog

    On 2012-02-21 10:55, Martin Helm wrote:
    > I think faillog is deprecated (have no authoritative link for that but
    > the faillog command which read /var/log/faillog does no longer exist for
    > quite a while).


    No, something is writing my faillog in my machine even now. It is dated Jan
    20 here. But I intentionally tried to login with a false password and then
    with a false identity, and the file was not updated. I don't know who is
    writing it.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  6. #6
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: /var/log/faillog

    Am 21.02.2012 13:08, schrieb Carlos E. R.:
    > No, something is writing my faillog in my machine even now. It is dated Jan
    > 20 here. But I intentionally tried to login with a false password and then
    > with a false identity, and the file was not updated. I don't know who is
    > writing it.
    >

    You understand me wrong I said the faillog COMMAND is no longer there
    which was used in older versions to read /var/log/faillog! The
    /var/log/faillog is a far as I can see written by pam_tally (not
    pam_tally2 which uses /var/log/tallylog).
    The newer /var/log/tallylog is not written unless you configure it and I
    also see on a 11.4 which is not an updated older version but was a fresh
    install that faillog always remains at a size of 1 byte and does not
    change when I intentionaly perform a failed login.

    So maybe you can simply read it with "pam_tally --user xxx" (which is
    deprecated).

    --
    PC: oS 11.4 (dual boot 12.1) 64 bit | Intel Core i7-2600@3.40GHz | KDE
    4.6.0 | GeForce GT 420 | 16GB Ram
    Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.8.0 |
    nVidia ION | 3GB Ram

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: /var/log/faillog

    On 2012-02-21 13:54, Martin Helm wrote:

    > You understand me wrong I said the faillog COMMAND is no longer there
    > which was used in older versions to read /var/log/faillog! The
    > /var/log/faillog is a far as I can see written by pam_tally (not
    > pam_tally2 which uses /var/log/tallylog).



    Code:
    Telcontar:~ # l /var/log/faillog
    -rw------- 1 root root 64096 Jan 20 02:09 /var/log/faillog
    Telcontar:~ # l /var/log/tallylog
    -rw------- 1 root root 0 Jun  8  2011 /var/log/tallylog
    Somebody writes faillog with I have no idea what information.

    > The newer /var/log/tallylog is not written unless you configure it and I
    > also see on a 11.4 which is not an updated older version but was a fresh
    > install that faillog always remains at a size of 1 byte and does not
    > change when I intentionaly perform a failed login.
    >
    > So maybe you can simply read it with "pam_tally --user xxx" (which is
    > deprecated).
    >


    Code:
    Telcontar:~ # pam_tally --user cer
    
    pam_tally is deprecated and pam_tally2 should be used instead
    
    User cer        (1000)  has 0
    Telcontar:~ # pam_tally2 --user cer
    Login           Failures Latest failure     From
    cer                 0
    Telcontar:~ #

    which is not true, there are failed logins.

    Maybe pam is misconfigured in my system.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  8. #8
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: /var/log/faillog

    Am 21.02.2012 14:08, schrieb Carlos E. R.:
    >
    Code:
    > Telcontar:~ # l /var/log/faillog
    > -rw------- 1 root root 64096 Jan 20 02:09 /var/log/faillog
    > Telcontar:~ # l /var/log/tallylog
    > -rw------- 1 root root 0 Jun  8  2011 /var/log/tallylog
    >
    >
    >
    > Somebody writes faillog with I have no idea what information.

    Is this an updated system on my machine faillog has always 1 byte, no
    change at all.

    >
    > [CODE]
    > Telcontar:~ # pam_tally --user cer
    >
    > pam_tally is deprecated and pam_tally2 should be used instead
    >
    > User cer (1000) has 0

    Can you try
    Code:
    pam_tally --file /var/log/faillog --user cer
    ?

    --
    PC: oS 11.4 (dual boot 12.1) 64 bit | Intel Core i7-2600@3.40GHz | KDE
    4.6.0 | GeForce GT 420 | 16GB Ram
    Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.8.0 |
    nVidia ION | 3GB Ram

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: /var/log/faillog

    On 2012-02-21 14:38, Martin Helm wrote:
    > Am 21.02.2012 14:08, schrieb Carlos E. R.:


    >> Somebody writes faillog with I have no idea what information.

    > Is this an updated system on my machine faillog has always 1 byte, no
    > change at all.


    Yep, upgraded system.


    > Can you try
    >
    Code:
    > pam_tally --file /var/log/faillog --user cer
    >
    > ?



    Same result.

    Code:
    Telcontar:~ # pam_tally --file /var/log/faillog --user cer
    
    pam_tally is deprecated and pam_tally2 should be used instead
    
    User cer        (1000)  has 0
    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  10. #10

    Default Re: /var/log/faillog

    Hm...

    Code:
    m1140:~ # pam_tally
    
    pam_tally is deprecated and pam_tally2 should be used instead
    
    m1140:~ # pam_tally2
    pam_tally2: No such file or directory

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •