mwoodiupui n00b
Joined: 13 Oct 2004 Posts: 48 Location: Indianapolis, IN, USA
Posted: Mon May 17, 2021 5:58 pm Post subject: PAM replacements for login.defs?
/etc/login.defs is littered with notes: "NOTE: This setting should be configured via /etc/pam.d/ and not in this file."
Uh, okay, how?
The specific issue that brought me here is failure to find any alternative to setting for getting written.
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
Posted: Wed May 19, 2021 11:53 pm
Have a feeling some of the notes may be false...
Did you try enabling and it still doesn't work? Might have to make sure there's an empty file there before it starts logging...
Which specific program do you want logging?
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
mwoodiupui n00b
Joined: 13 Oct 2004 Posts: 48 Location: Indianapolis, IN, USA
Posted: Thu May 20, 2021 7:28 pm
I enabled FTMP_FILE, and it is logging to btmp all of the kiddies who are constantly trying to break in via SSH. But that note makes me think that some maintainer is working to disable it altogether in favor of PAM, so why not just do what the maintainer wants me to do, as long as I get the log?
Quote: Which specific program do you want logging?
Any program for which it is possible to fail login. Corporate IT wants us to feed this stuff to their central ELK Stack log sink for some reason, and ELK wants to watch btmp.
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
Posted: Thu May 20, 2021 7:44 pm
Seems pam isn't the only btmp user, so that's why there's some concern - depends on the actual and individual programs to maintain btmp.
Since sshd does not go through login, login.defs doesn't quite make sense here either.
Looks like pam_lastlog deals with btmp, but can't seem to find much configuration, it will use it directly - I didn't need to configure it, it started writing to btmp after I created it (and made sure the mode is correct.) The btmp file seems to be a compile time option as well...
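Since the thread ends with btmp being fed to a central log sink, here is an added example (not part of any post above) that decodes btmp's binary records into JSON lines a shipper can forward. It assumes the glibc `struct utmp` layout on little-endian 64-bit Linux (384 bytes per record); the JSON field names and the sample record are constructed for illustration.

```python
import ipaddress
import json
import struct
from datetime import datetime, timezone

# Assumed layout: glibc "struct utmp" on little-endian 64-bit Linux (384 bytes).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20s")

def _text(raw):
    """Fixed-width char fields are NUL-padded, not always NUL-terminated."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def _addr(raw):
    """ut_addr_v6 holds IPv4 in the first 4 bytes, IPv6 in all 16."""
    if not any(raw):
        return None
    if not any(raw[4:]):
        return str(ipaddress.IPv4Address(raw[:4]))
    return str(ipaddress.IPv6Address(raw))

def parse_btmp(data):
    """Yield one dict per complete record; a truncated tail is ignored."""
    usable = len(data) - len(data) % UTMP.size
    for rec in UTMP.iter_unpack(data[:usable]):
        ut_type, pid, line, _id, user, host, _t, _e, _sess, sec, usec, addr, _ = rec
        yield {
            "@timestamp": datetime.fromtimestamp(sec + usec / 1e6, timezone.utc).isoformat(),
            "ut_type": ut_type,  # raw value; writers differ in which type they use
            "pid": pid,
            "tty": _text(line),
            "user": _text(user),
            "host": _text(host),
            "source_ip": _addr(addr),
        }

def sample_record():
    """Constructed sample record, not taken from a real host."""
    return UTMP.pack(6, 4242, b"ssh:notty", b"", b"admin", b"198.51.100.23",
                     0, 0, 0, 1621538880, 0,
                     ipaddress.IPv4Address("198.51.100.23").packed + bytes(12), b"")

if __name__ == "__main__":
    # A truncated trailing record (file read mid-write) must not raise.
    for event in parse_btmp(sample_record() + b"\x00" * 10):
        print(json.dumps(event))
```

On a real host the input would be the bytes of the btmp file, read as root; the record size should be checked against the target architecture before relying on the output.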