[Pkg-shadow-devel] Bug#776314: /var/log/faillog is never updated
Markus Hiereth
translation at hiereth.de
Thu Jan 27 12:43:05 GMT 2022
Package: login
Version: 1:4.8.1-1
Followup-For: Bug #776314
Dear Maintainer,
faillog does not file failed login attempts.
* What led up to the situation?
Problem apparently existed for a long time in the background.
There is nothing special with this Debian installation.
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
Console logging is attached.
* What outcome did you expect instead?
Output of failed logs and blocking of login attemps when the maximun
number of failure has been exceeded.
Best regards
Markus Hiereth
-- System Information:
Debian Release: 11.1
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 5.10.0-9-686-pae (SMP w/1 CPU thread)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages login depends on:
ii libaudit1 1:3.0-2
ii libc6 2.32-4
ii libcrypt1 1:4.4.18-4
ii libpam-modules 1.4.0-9+deb11u1
ii libpam-runtime 1.4.0-9+deb11u1
ii libpam0g 1.4.0-9+deb11u1
login recommends no packages.
login suggests no packages.
-- no debconf information
-------------- next part --------------
##Protocol from tty1
root at lune:~# faillog -u root
Login Fehlver. Maximum Letzter Auf
root 0 0 01/01/70 01:00:00 +0100 [5s Sperre]
root at lune:~# faillog -u tester1
[?2004l
Login Fehlver. Maximum Letzter Auf
tester1 0 5 01/01/70 01:00:00 +0100
[?2004hroot at lune:~# who
[?2004l
root tty1 2022-01-26 07:38
hiereth console 2022-01-26 06:46 (:0)
hiereth pts/0 2022-01-26 06:47 (:0)
hiereth pts/3 2022-01-26 09:01 (:0)
hiereth pts/4 2022-01-26 12:14 (:0)
#tester1 has now logged in to tty2
[?2004hroot at lune:~# who
[?2004l
root tty1 2022-01-26 07:38
hiereth console 2022-01-26 06:46 (:0)
hiereth pts/0 2022-01-26 06:47 (:0)
hiereth pts/3 2022-01-26 09:01 (:0)
hiereth pts/4 2022-01-26 12:14 (:0)
tester1 tty2 2022-01-26 13:55
[?2004hroot at lune:~# faillog -u tester1
[?2004l
Login Fehlver. Maximum Letzter Auf
tester1 0 5 01/01/70 01:00:00 +0100
#tester1 logged out
[?2004hroot at lune:~# who
[?2004l
root tty1 2022-01-26 07:38
hiereth console 2022-01-26 06:46 (:0)
hiereth pts/0 2022-01-26 06:47 (:0)
hiereth pts/3 2022-01-26 09:01 (:0)
hiereth pts/4 2022-01-26 12:14 (:0)
#tester1 uses a wrong password and is rejected
[?2004hroot at lune:~# who
[?2004l
root tty1 2022-01-26 07:38
hiereth console 2022-01-26 06:46 (:0)
hiereth pts/0 2022-01-26 06:47 (:0)
hiereth pts/3 2022-01-26 09:01 (:0)
hiereth pts/4 2022-01-26 12:14 (:0)
[?2004hroot at lune:~# faillog -u tester1
[?2004l
Login Fehlver. Maximum Letzter Auf
tester1 0 5 01/01/70 01:00:00 +0100
## respective snippet from authlog
Jan 26 13:55:18 lune login[3888]: pam_unix(login:session): session opened for user tester1(uid=502) by LOGIN(uid=0)
Jan 26 13:55:18 lune systemd-logind[374]: New session 26 of user tester1.
Jan 26 13:55:19 lune systemd: pam_unix(systemd-user:session): session opened for user tester1(uid=502) by (uid=0)
Jan 26 13:57:14 lune login[3888]: pam_unix(login:session): session closed for user tester1
Jan 26 13:57:14 lune systemd-logind[374]: Session 26 logged out. Waiting for processes to exit.
Jan 26 13:57:14 lune systemd-logind[374]: Removed session 26.
Jan 26 13:58:01 lune agetty[3932]: tty2: invalid character 0x1b in login name
Jan 26 13:58:27 lune login[3938]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost= user=tester1
Jan 26 13:58:29 lune login[3938]: FAILED LOGIN (1) on '/dev/tty2' FOR 'tester1', Authentication failure
## output of faillog: Timestamp old, file apparently recieved no records
-rw-r--r-- 1 root root 24048 24. Jan 09:37 /var/log/faillog
More information about the Pkg-shadow-devel
mailing list