On Feb 14, 2012, at 6:25 AM, Andrew Benton wrote:
> On Mon, 13 Feb 2012 16:53:25 -0800
> Qrux <[email protected]> wrote:
>
>> "Empirical" testing shows that login writes to btmp. I infer, from that
>> description given at TLDP, that everything that logs a bad-login attempt
>> (e.g., login) ought to be writing to this file. It is NOT an SSH-specific
>> thing.
>
> You appear to be wrong. login writes to /var/log/wtmp,
> not /var/login/btmp. If I try to login as root (on tty1) and
> enter the wrong password nothing gets written to /var/login/btmp. Maybe
> login _should_ be writing the failed login attempt to /var/log/btmp,
> maybe login is broken?

That's very interesting. Here's what I see when I do it:
==
xlapp [/var/log] # strings btmp
tty1
root
tty1
UNKNOWN
tty1
UNKNOWN
ssh:notty
qrux
192.168.0.4
==

First, a bad attempt as root (tty1, obv). Then, bad attempt as user 'hello',
then bad attempt as user 'world', then bad attempt via ssh. I can't confirm
it's 'login' that's writing the entry, but something other than SSH is, and I
don't have PAM.

Did you do this *before* or *after* you corrected the perms in btmp?

> The only application on my system that writes to /var/login/btmp is
> ssh, so I suggest that we move creating this file to the ssh page in
> BLFS.

Also, did you install shadow from LFS?

Because I see this in my /etc/login.defs:

xlapp [/var/log] # grep tmp /etc/login.defs
# If defined, login failures will be logged here in a utmp format.
# last, when invoked as lastb, will read /var/log/btmp, so...
FTMP_FILE /var/log/btmp

And I see this in shadow:

xlapp [~/lfs/src/shadow-4.1.4.3/etc] # grep tmp login.defs
# If defined, login failures will be logged here in a utmp format.
# last, when invoked as lastb, will read /var/log/btmp, so...
FTMP_FILE /var/log/btmp

I assume (perhaps tacitly) that this is being installed on your system, too, if
you're installing shadow. Again, IDK if it's login that's writing to this
file. But something is. Your data differs from mine, but I don't think that
qualifies my data as being "wrong". LOL

Q
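
An added example, not part of the original message: `strings` shows only the printable fields of btmp, so this Python code decodes whole utmp-format records, including the pid and timestamp that help tell which program wrote each entry. It assumes the 384-byte little-endian glibc/Linux `struct utmp` layout; the sample records, with their type, pid and time values, are constructed to mirror the output above.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumption: glibc/Linux "struct utmp" layout, 384 bytes, little-endian:
# type, pid, line[32], id[4], user[32], host[256], exit status (2 shorts),
# session, tv_sec, tv_usec, addr_v6 (16 bytes), 20 reserved bytes.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20x")


def _text(raw):
    # Fields are NUL-padded and may lack a terminator when completely full.
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_btmp(data):
    """Decode every complete record; a truncated trailing record is skipped."""
    records = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        typ, pid, line, _, user, host, _, _, _, sec, _, _ = UTMP.unpack_from(data, off)
        when = datetime.fromtimestamp(sec, timezone.utc).isoformat()
        records.append({"type": typ, "pid": pid, "line": _text(line),
                        "user": _text(user), "host": _text(host), "time": when})
    return records


def failures_by_line(records):
    """Count failed attempts per terminal line, e.g. tty1 versus ssh:notty."""
    return Counter(r["line"] for r in records)


def make_record(typ, pid, line, user, host, sec):
    # Constructed test data; pack() NUL-pads the short byte strings.
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"")


# Constructed sample mirroring the strings output in the message above.
# The type, pid and timestamp values are invented for illustration.
SAMPLE = b"".join([
    make_record(6, 1201, "tty1", "root", "", 1329177600),
    make_record(6, 1201, "tty1", "UNKNOWN", "", 1329177660),
    make_record(6, 1201, "tty1", "UNKNOWN", "", 1329177720),
    make_record(6, 1350, "ssh:notty", "qrux", "192.168.0.4", 1329177780),
])

if __name__ == "__main__":
    for rec in parse_btmp(SAMPLE):
        print(rec)
    print(dict(failures_by_line(parse_btmp(SAMPLE))))
```

To run it against a real file, pass the bytes of /var/log/btmp to `parse_btmp` in place of `SAMPLE`.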