Maybe a little background would help here. I'm working on a log watcher (of sorts) for failed SSH logins, only, I'm looking at registered users exclusively. Auth.log seems too cumbersome to watch and extract out registered users if a distributed attack occurs. So, I wanted to use tallylog to see how many failed attempts have occurred for registered users and use a script from there to take action.

What do you think?

On Jan 23, 2016 6:22 PM, "Paul Whitney" <[email protected]> wrote:
> Re #1. Maybe what you are looking for is to parse the output of the command
> 'lastb'.
>
> Re #2. There are lots of Google references to PAM.
>
> Paul Whitney
> email: [email protected]
> cell: 410.493.9448
>
> Sent from my iPhone
>
> > On Jan 23, 2016, at 16:18, Phil Beckley <[email protected]> wrote:
> >
> > Hi all,
> >
> > I've been looking for documentation and in forums, but I'm not having
> > any luck getting more information on the items in the subject. I have a
> > couple of questions and please let me know if this isn't the right place to
> > address these questions.
> >
> > 1. Why is tallylog a binary file? I would love to parse it like a log,
> > but that seems like a difficult task.
> > 2. Is there a more in-depth description/explanation of how to modify the
> > pam conf files? I was looking at the PAM SA guide, but was unable to make
> > sense of a lot of it as I don't have a background in PAM, as a whole.
> >
> > Thanks for your help.
> >
> >
> > P
> > _______________________________________________
> > Pam-list mailing list
> > [email protected]
> > https://www.redhat.com/mailman/listinfo/pam-list
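As an added example (not code from this thread or from Linux-PAM), here is a reader for the binary tallylog that reports failure counts for registered users only. It assumes the file is the one written by pam_tally2, with the fixed 64-byte record layout of `struct tallylog` stored at offset uid * 64; the function names, user names and sample data are constructed for illustration.

```python
import io
import struct
from datetime import datetime, timezone

# Assumed record layout (struct tallylog as used by pam_tally2):
#   char fail_line[52]; uint16_t reserved; uint16_t fail_cnt; uint64_t fail_time;
# One record per UID, so the file is an array indexed by UID, not a text log.
RECORD = struct.Struct("=52sHHQ")  # 64 bytes, native byte order, no padding

def read_tally(fh, uid_names):
    """Return failure records for the {uid: name} map, skipping zero counters."""
    entries = []
    for uid, name in sorted(uid_names.items()):
        fh.seek(uid * RECORD.size)
        raw = fh.read(RECORD.size)
        if len(raw) < RECORD.size:
            continue  # file ends before this UID's slot: nothing recorded
        fail_line, _reserved, fail_cnt, fail_time = RECORD.unpack(raw)
        if fail_cnt == 0:
            continue
        entries.append({
            "user": name,
            "uid": uid,
            "failures": fail_cnt,
            # rhost or tty of the last failure, NUL-padded in the file
            "source": fail_line.split(b"\0", 1)[0].decode("ascii", "replace"),
            "last_failure": datetime.fromtimestamp(fail_time, timezone.utc),
        })
    return entries

def users_over(entries, limit):
    """Names of users whose failure counter has reached the limit."""
    return [e["user"] for e in entries if e["failures"] >= limit]

def sample_file():
    """Constructed sample: alice (uid 1000) has 7 failures, bob (uid 1001) none."""
    buf = io.BytesIO()
    buf.seek(1000 * RECORD.size)  # the gap before uid 1000 is zero-filled
    buf.write(RECORD.pack(b"203.0.113.5", 0, 7, 1453591320))
    buf.write(RECORD.pack(b"", 0, 0, 0))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # On a live system: open the tallylog with "rb" and build the map from
    # pwd.getpwall() so that only registered accounts are examined.
    names = {1000: "alice", 1001: "bob", 1002: "carol"}
    for entry in read_tally(sample_file(), names):
        print(entry)
```

Seeking to each registered UID's slot, rather than reading the whole file, keeps the reader cheap when the file is sparse and high UIDs make its apparent size large.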
