Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Those who can't write, write manuals.


computers / alt.os.linux.suse / Re: Failed logins?

SubjectAuthor
* Failed logins?Sidney_Kotic
+- Re: Failed logins?Carlos E. R.
`- Re: Failed logins?William Unruh

1
Failed logins?

<sgmq65$i5s$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=282&group=alt.os.linux.suse#282

 copy link   Newsgroups: alt.os.linux.suse
Path: i2pn2.org!i2pn.org!aioe.org!kLvrZrZfyHXjnygC6xRGCA.user.46.165.242.91.POSTED!not-for-mail
From: kan...@have.it (Sidney_Kotic)
Newsgroups: alt.os.linux.suse
Subject: Failed logins?
Date: Tue, 31 Aug 2021 18:57:08 -0800
Organization: Aioe.org NNTP Server
Message-ID: <sgmq65$i5s$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="18620"; posting-host="kLvrZrZfyHXjnygC6xRGCA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.7.0
Content-Language: en-US
X-Notice: Filtered by postfilter v. 0.9.2
X-Mozilla-News-Host: news://news.aioe.org:119
 by: Sidney_Kotic - Wed, 1 Sep 2021 02:57 UTC

Is there a "simple", for my simple mind, way to produce a listing of all the
logins that failed for a specific (say yesterday) period via a cronjob?

As root, or using sudo, this sorta works, for successful logins:
journalctl --unit=systemd-logind --since 2021-08-30 --until 2021-08-31

Re: Failed logins?

<d2i30ixloq.ln2@minas-tirith.valinor>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=284&group=alt.os.linux.suse#284

 copy link   Newsgroups: alt.os.linux.suse
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!4.us.feeder.erje.net!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E. R.)
Newsgroups: alt.os.linux.suse
Subject: Re: Failed logins?
Date: Wed, 1 Sep 2021 08:09:49 +0200
Lines: 38
Message-ID: <d2i30ixloq.ln2@minas-tirith.valinor>
References: <sgmq65$i5s$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Trace: individual.net Y1ZwqeKyfoTF/dHq96W9vwaxOxNHVZUzf5plmkr4kJjCX47APK
X-Orig-Path: minas-tirith.valinor!not-for-mail
Cancel-Lock: sha1:GdhJS4Z/j5/OT2je5onSz5Id6HU=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.12.0
In-Reply-To: <sgmq65$i5s$1@gioia.aioe.org>
Content-Language: en-GB
 by: Carlos E. R. - Wed, 1 Sep 2021 06:09 UTC

On 01/09/2021 04.57, Sidney_Kotic wrote:
> Is there a "simple", for my simple mind, way to produce a listing of all
> the logins that failed for a specific (say yesterday) period via a cronjob?
>
> As root, or using sudo, this sorta works, for successful logins:
> journalctl --unit=systemd-logind --since 2021-08-30 --until 2021-08-31
>

Have a look at this:

minas-tirith:~ # zypper info acct
Loading repository data...
Reading installed packages...

Information for package acct:
-----------------------------
Repository : Main Repository (OSS)
Name : acct
Version : 6.6.4-lp152.3.6
Arch : x86_64
Vendor : openSUSE
Installed Size : 173.4 KiB
Installed : No
Status : not installed
Source package : acct-6.6.4-lp152.3.6.src
Summary : User-Specific Process Accounting
Description :
This package contains the programs necessary for user-specific process
accounting: sa, accton, and lastcomm.

minas-tirith:~ #

--
Cheers,
Carlos E.R.

Re: Failed logins?

<sgom1i$naf$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=286&group=alt.os.linux.suse#286

 copy link   Newsgroups: alt.os.linux.suse
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: unr...@invalid.ca (William Unruh)
Newsgroups: alt.os.linux.suse
Subject: Re: Failed logins?
Date: Wed, 1 Sep 2021 19:58:42 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 17
Message-ID: <sgom1i$naf$1@dont-email.me>
References: <sgmq65$i5s$1@gioia.aioe.org>
Injection-Date: Wed, 1 Sep 2021 19:58:42 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="aea36b660d5cf24eaced971f0740282b";
logging-data="23887"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+XnZ1QdsiCJ9eyDLkCDopO"
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:pMW/IlXAVnG8yEv/Cc0doqN7Z4g=
 by: William Unruh - Wed, 1 Sep 2021 19:58 UTC

On 2021-09-01, Sidney_Kotic <kant@have.it> wrote:
> Is there a "simple", for my simple mind, way to produce a listing of all the
> logins that failed for a specific (say yesterday) period via a cronjob?
>
> As root, or using sudo, this sorta works, for successful logins:
> journalctl --unit=systemd-logind --since 2021-08-30 --until 2021-08-31

I never did like systemd logging-- a log is a place of last resort,
which should be readable even if you have nothing working, not an
incomprehensible database which requires a special program to read it.
So I also use rsyslog and have an auth.log file in /var/log.

I have a cron job whichlooks for failed ssh logins.
So it has lines like
grep 'sshd.*Failed password for' /var/log/auth.log|awk '{print $(NF-3)}'>$OUTPUT

>

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor