[opensuse] How do I see if someone has tried to log on to my computer...
Say I click on the 'lock' button on the taskbar (the one above the system on/off button). The screen goes black and if I hit a key on the keyboard or move the mouse, a small window pops up asking me for the user password. How do I find out if someone has tried to 'log in'? Even if they hit a key on accident or moves the mouse on accident, does the system log this too? If it's in a log somewhere, will it be easily human readable? JB -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 13 October 2007 16:56, JB2 wrote:
Say I click on the 'lock' button on the taskbar (the one above the system on/off button). The screen goes black and if I hit a key on the keyboard or move the mouse, a small window pops up asking me for the user password.
How do I find out if someone has tried to 'log in'? Even if they hit a key on accident or moves the mouse on accident, does the system log this too? If it's in a log somewhere, will it be easily human readable?
How do we really know the synthesizer of this message is human?? Anyway, in /var/log/messages (accessible only by root), unsuccessful login and unlock attempts (including those via ssh, which will often yield long traces of remote password-guessing break-in attempts) are recorded. Here's the result of a test in which I gave an invalid password twice and then gave the correct one: Oct 13 17:04:14 twain kcheckpass[17151]: Authentication failure for rschulz (invoked by uid 1000) Oct 13 17:04:21 twain kcheckpass[17157]: Authentication failure for rschulz (invoked by uid 1000)
JB
Randall Schulz -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 10/13/07, JB2
Say I click on the 'lock' button on the taskbar (the one above the system on/off button). The screen goes black and if I hit a key on the keyboard or move the mouse, a small window pops up asking me for the user password.
How do I find out if someone has tried to 'log in'? Even if they hit a key on accident or moves the mouse on accident, does the system log this too? If it's in a log somewhere, will it be easily human readable?
Just showing the password dialog is not logged. But a login attempt with bad password is logged in /var/log/messages: 1. kdm login: Oct 13 19:04:23 compy kcheckpass[15345]: Authentication failure for sunny (invoked by uid 1000) 2. Text login (tty console): Oct 13 19:08:26 compy login[15308]: FAILED LOGIN 1 FROM /dev/tty2 FOR sunny, Authentication failure Strangely, if you try to log in with some username which does not exists on the system: 1. kdm login (invoked with switch user on the lock dialog) - produces nothing 2. Text login: Oct 13 19:02:31 compy login[7175]: FAILED LOGIN 1 FROM /dev/tty2 FOR UNKNOWN, User not known to the underlying authentication module This is strange, as it does not record which username was tried. And the kdm login attempt is not logged at all. Also, all ssh login attempts are logged in the same file. Cheers -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
check the login.defs file.
# less /etc/login.defs
On 10/13/07, Sunny
On 10/13/07, JB2
wrote: Say I click on the 'lock' button on the taskbar (the one above the system on/off button). The screen goes black and if I hit a key on the keyboard or move the mouse, a small window pops up asking me for the user password.
How do I find out if someone has tried to 'log in'? Even if they hit a key on accident or moves the mouse on accident, does the system log this too? If it's in a log somewhere, will it be easily human readable?
Just showing the password dialog is not logged. But a login attempt with bad password is logged in /var/log/messages:
1. kdm login: Oct 13 19:04:23 compy kcheckpass[15345]: Authentication failure for sunny (invoked by uid 1000) 2. Text login (tty console): Oct 13 19:08:26 compy login[15308]: FAILED LOGIN 1 FROM /dev/tty2 FOR sunny, Authentication failure
Strangely, if you try to log in with some username which does not exists on the system: 1. kdm login (invoked with switch user on the lock dialog) - produces nothing 2. Text login: Oct 13 19:02:31 compy login[7175]: FAILED LOGIN 1 FROM /dev/tty2 FOR UNKNOWN, User not known to the underlying authentication module
This is strange, as it does not record which username was tried. And the kdm login attempt is not logged at all.
Also, all ssh login attempts are logged in the same file.
Cheers
-- Svetoslav Milenov (Sunny)
Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- cheers, dg <a href="http://opensuse.org"><img style="border: 0px solid ; width: 80px; height: 15px;" alt="openSUSE.org" title="openSUSE.org" src="http://files.opensuse.org/opensuse/en/6/6e/Suselinux-green.png" /></a> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
sorry, typing too fast.
i meant, checn the login.defs file for where to look and how to tweak
and configure failed auth logging.
On 10/13/07, darko g
check the login.defs file.
# less /etc/login.defs
On 10/13/07, Sunny
wrote: On 10/13/07, JB2
wrote: Say I click on the 'lock' button on the taskbar (the one above the system on/off button). The screen goes black and if I hit a key on the keyboard or move the mouse, a small window pops up asking me for the user password.
How do I find out if someone has tried to 'log in'? Even if they hit a key on accident or moves the mouse on accident, does the system log this too? If it's in a log somewhere, will it be easily human readable?
Just showing the password dialog is not logged. But a login attempt with bad password is logged in /var/log/messages:
1. kdm login: Oct 13 19:04:23 compy kcheckpass[15345]: Authentication failure for sunny (invoked by uid 1000) 2. Text login (tty console): Oct 13 19:08:26 compy login[15308]: FAILED LOGIN 1 FROM /dev/tty2 FOR sunny, Authentication failure
Strangely, if you try to log in with some username which does not exists on the system: 1. kdm login (invoked with switch user on the lock dialog) - produces nothing 2. Text login: Oct 13 19:02:31 compy login[7175]: FAILED LOGIN 1 FROM /dev/tty2 FOR UNKNOWN, User not known to the underlying authentication module
This is strange, as it does not record which username was tried. And the kdm login attempt is not logged at all.
Also, all ssh login attempts are logged in the same file.
Cheers
-- Svetoslav Milenov (Sunny)
Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- cheers, dg
<a href="http://opensuse.org"><img style="border: 0px solid ; width: 80px; height: 15px;" alt="openSUSE.org" title="openSUSE.org" src="http://files.opensuse.org/opensuse/en/6/6e/Suselinux-green.png" /></a>
-- cheers, dg <a href="http://opensuse.org"><img style="border: 0px solid ; width: 80px; height: 15px;" alt="openSUSE.org" title="openSUSE.org" src="http://files.opensuse.org/opensuse/en/6/6e/Suselinux-green.png" /></a> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 10/14/07, darko g
sorry, typing too fast.
i meant, checn the login.defs file for where to look and how to tweak and configure failed auth logging.
On 10/13/07, darko g
wrote: check the login.defs file.
# less /etc/login.defs
Thanks, it was, enough. Cheers -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
How do I find out if someone has tried to 'log in'? Even if they hit a key on accident or moves the mouse on accident, does the system log this too? If it's in a log somewhere, will it be easily human readable?
It should be in /var/log/messages -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (5)
-
darko g
-
JB2
-
Michael S. Dunsavage
-
Randall R Schulz
-
Sunny