[Pkg-shadow-devel] Bug#776314: /var/log/faillog is never updated

Thu, 27 Jan 2022 04:57:11 -0800 

Package: login
Version: 1:4.8.1-1
Followup-For: Bug #776314

Dear Maintainer,

faillog does not file failed login attempts.

   * What led up to the situation?

Problem apparently existed for a long time in the background.
There is nothing special with this Debian installation.


   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?

Console logging is attached.

   * What outcome did you expect instead?

Output of failed logs and blocking of login attemps when the maximun 
number of failure has been exceeded.

Best regards
Markus Hiereth


-- System Information:
Debian Release: 11.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 5.10.0-9-686-pae (SMP w/1 CPU thread)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages login depends on:
ii  libaudit1       1:3.0-2
ii  libc6           2.32-4
ii  libcrypt1       1:4.4.18-4
ii  libpam-modules  1.4.0-9+deb11u1
ii  libpam-runtime  1.4.0-9+deb11u1
ii  libpam0g        1.4.0-9+deb11u1

login recommends no packages.

login suggests no packages.

-- no debconf information

##Protocol from tty1

root@lune:~# faillog -u root
Login       Fehlver. Maximum Letzter                  Auf

root            0        0   01/01/70 01:00:00 +0100   [5s Sperre]

root@lune:~# faillog -u tester1
[?2004l
Login       Fehlver. Maximum Letzter                  Auf

tester1         0        5   01/01/70 01:00:00 +0100  

[?2004hroot@lune:~# who
[?2004l
root     tty1         2022-01-26 07:38
hiereth  console      2022-01-26 06:46 (:0)
hiereth  pts/0        2022-01-26 06:47 (:0)
hiereth  pts/3        2022-01-26 09:01 (:0)
hiereth  pts/4        2022-01-26 12:14 (:0)

#tester1 has now logged in to tty2

[?2004hroot@lune:~# who
[?2004l
root     tty1         2022-01-26 07:38
hiereth  console      2022-01-26 06:46 (:0)
hiereth  pts/0        2022-01-26 06:47 (:0)
hiereth  pts/3        2022-01-26 09:01 (:0)
hiereth  pts/4        2022-01-26 12:14 (:0)
tester1  tty2         2022-01-26 13:55

[?2004hroot@lune:~# faillog -u tester1
[?2004l
Login       Fehlver. Maximum Letzter                  Auf

tester1         0        5   01/01/70 01:00:00 +0100  

#tester1 logged out

[?2004hroot@lune:~# who

[?2004l
root     tty1         2022-01-26 07:38
hiereth  console      2022-01-26 06:46 (:0)
hiereth  pts/0        2022-01-26 06:47 (:0)
hiereth  pts/3        2022-01-26 09:01 (:0)
hiereth  pts/4        2022-01-26 12:14 (:0)

#tester1 uses a wrong password and is rejected

[?2004hroot@lune:~# who

[?2004l
root     tty1         2022-01-26 07:38
hiereth  console      2022-01-26 06:46 (:0)
hiereth  pts/0        2022-01-26 06:47 (:0)
hiereth  pts/3        2022-01-26 09:01 (:0)
hiereth  pts/4        2022-01-26 12:14 (:0)

[?2004hroot@lune:~# faillog -u tester1

[?2004l
Login       Fehlver. Maximum Letzter                  Auf

tester1         0        5   01/01/70 01:00:00 +0100  


## respective snippet from authlog

Jan 26 13:55:18 lune login[3888]: pam_unix(login:session): session opened for 
user tester1(uid=502) by LOGIN(uid=0)
Jan 26 13:55:18 lune systemd-logind[374]: New session 26 of user tester1.
Jan 26 13:55:19 lune systemd: pam_unix(systemd-user:session): session opened 
for user tester1(uid=502) by (uid=0)
Jan 26 13:57:14 lune login[3888]: pam_unix(login:session): session closed for 
user tester1
Jan 26 13:57:14 lune systemd-logind[374]: Session 26 logged out. Waiting for 
processes to exit.
Jan 26 13:57:14 lune systemd-logind[374]: Removed session 26.
Jan 26 13:58:01 lune agetty[3932]: tty2: invalid character 0x1b in login name
Jan 26 13:58:27 lune login[3938]: pam_unix(login:auth): authentication failure; 
logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost=  user=tester1
Jan 26 13:58:29 lune login[3938]: FAILED LOGIN (1) on '/dev/tty2' FOR 
'tester1', Authentication failure

## output of faillog: Timestamp old, file apparently recieved no records
-rw-r--r-- 1 root root 24048 24. Jan 09:37 /var/log/faillog

_______________________________________________
Pkg-shadow-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

Reply via email to