Re: /var/log/faillog
On Sat, 01 Sep 2012 15:47:15 +0200, lee wrote:
> how come that failed logins aren't recorded in /var/log/faillog?
I tend to review "/var/log/auth.log" for success/failed logins.
> The file exists and is from July this year. When I run "faillog -a", it
> lists entries like:
>
>
> lee 0 0 01/01/70 01:00:00 +0100
I get similar results. Maybe is that it needs to be configured first
somehow :-?
> There have been failed logins, though, and logging them is enabled in
> /etc/login.defs. Interestingly, I can run "faillog -a" as ordinary user
> and get the same results as when running it as root. That arises
> privacy concerns. Is it supposed to be like this?
Yes, it can lead to privacy concerns. You can change the file permissions
to be more conservative (read-write only by user-group which is set to
"root") when running over a multi-user system.
Greetings,
--
Camaleón
Reply to: