On Wed, Mar 05, 2003 at 06:24:01PM +0100, Arno Luppold wrote:
> It seems to me as if notifications about successful logins aren't sent to syslog.
yes. you are right. how about patching it to do so? find below a trivial patch. prove: tail -1 /var/log/messages Mar 5 19:07:09 minna login[18592]: successful login for `root' from tty2 cheers, Lars === for some of these steps you need be root. get i386/update/8.1/rpm/src/shadow-4.0.2-265.src.rpm from the suse update tree. rpm -Uhv shadow-4.0.2-265.src.rpm # # check neededforbuild, and usedforbuild. # probably you do not have all -devel packages in place. # I needed: # rpm -Uhv \ ./CD2/suse/i586/des-4.04b-501.i586.rpm \ ./CD3/suse/i586/cyrus-sasl-devel-1.5.27-256.i586.rpm \ ./CD3/suse/i586/libxcrypt-devel-1.1-44.i586.rpm # and, since we are on a _security_ list, NOT # ./CD4/suse/i586/openldap2-devel-2.1.4-26.i586.rpm # ./CD2/suse/i586/openssl-devel-0.9.6g-18.i586.rpm \ # ./CD3/suse/i586/heimdal-devel-0.4e-186.i586.rpm \ # BUT the updated (this output is from fou4s-lge ;) # openssl-devel 0.9.6g-55 (0.9.6g-18) 463kB # openldap2-devel 2.1.4-70 (2.1.4-26) 138kB # heimdal-devel 0.4e-207 (0.4e-186) 3997kB so get yourself the */update/rpm/*/openssl-devel etc. and install them. you may need updates for some other -devel or "neededforbuild" packages, too. # # now add the patch. I think this is the right place: # BTW, use at your own risk ;) # cat <<_EOF_ > /usr/src/packages/SOURCES/shadow-success-syslog.diff --- src/login.c.orig 2003-03-05 19:01:27.000000000 +0100 +++ src/login.c 2003-03-05 19:01:41.000000000 +0100 @@ -1004,6 +1004,9 @@ updwtmp (_PATH_WTMP, &ut); } + /* successful login to syslog, too */ + syslog (LOG_INFO, "successful login for `%s' from %s\n", + pwd->pw_name, hostname ? hostname : (ttyn+5) ); dolastlog (quietlog, pwd->pw_uid, tty, hostname); /* Maybe we move this to PAM ? */ _EOF_ # # tell the SPEC file, to use this patch # cd /usr/src/packages/SPECS cat << _END_OF_SPEC_PATCH_ | patch --- shadow.spec.orig 2003-03-05 18:31:32.000000000 +0100 +++ shadow.spec 2003-03-05 18:35:07.000000000 +0100 
@@ -16,7 +16,7 @@ Group: System/Base Autoreqprov: on Version: 4.0.2 -Release: 265 +Release: 266 Summary: Shadow password suite Source: shadow-%{version}.tar.bz2 Source1: pam_login-3.9.tar.bz2 @@ -36,6 +36,7 @@ Patch6: pwdutils.sanitychecks.diff Patch7: pwdutils.20402.diff Patch8: shadow-4.0.2-64bit.diff +Patch9: shadow-success-syslog.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -58,6 +59,8 @@ %patch1 %patch6 %patch7 +cd ../pam_login-* +%patch9 %build libtoolize -c -f @@ -118,6 +121,8 @@ /usr/share/locale/*/LC_MESSAGES/pwdutils.mo %changelog -n shadow +* Wed Mar 5 2003 - l.g.e@web.de +- sucessful logins to syslog, too * Mon Jan 13 2003 - kukuk@suse.de - Fix seg.fault introduced through sanity check patch * Tue Nov 05 2002 - kukuk@suse.de _END_OF_SPEC_PATCH_ # # rebuilt source and binary rpm # rpm -ba --target i686-my_suse-linux shadow.spec # if you get some errors about hardlinks crossing filesystem border # here, because /var/ is not /usr/, you may want to # mkdir /usr/src/packages/TMP # chmod 1777 /usr/src/packages/TMP # echo '%_tmppath %{_topdir}/TMP' >> ~/.rpmmacros # # install the built rpm # rpm -Uhv ../RPMS/i686/shadow-4.0.2-266.i686.rpm # # thats it. # or, if you prefer, only compile rpm -bc shadow.spec search for the login binary, should be ../BUILD/pam_login*/src/login and replace that one only. or even unpack/patch/configure/make/compile/install all by hand ;)
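Review bot: In the src/login.c hunk (@@ -1004,6 +1004,9 @@), the added syslog() call derives the terminal name as (ttyn+5), which hard-codes the length of a "/dev/" prefix, while the unchanged dolastlog() call directly below already passes a tty variable; logging tty instead would drop the magic offset and keep the two records consistent. The fallback is selected by testing only whether hostname is a non-NULL pointer, so if it can be an empty string the message ends with nothing after "from"; testing hostname && *hostname would cover that case. The trailing \n in the format string is not needed by syslog(). Separately, the instructions write this diff with cat <<_EOF_ and an unquoted delimiter, so the shell treats the backtick in `%s' as the start of a command substitution and the file on disk will not match the hunk as shown; quoting the delimiter (<<'_EOF_') keeps the text literal.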
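Review bot: In the shadow.spec hunk at @@ -58,6 +59,8 @@, cd ../pam_login-* relies on the glob matching exactly one directory; the Source1 line visible in the first hunk names pam_login-3.9.tar.bz2, so spelling the directory out would make %prep deterministic. %patch9 is also given no explicit -p level, so it depends on rpm's default strip level matching the diff's src/login.c paths; stating the level in the spec would document that assumption.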
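Review bot: In the %changelog hunk at @@ -118,6 +121,8 @@, the new entry misspells "successful" as "sucessful"; it is worth correcting before the build, since this text ends up in the package changelog.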