[SOLVED] Send mail on failed attempt to login

milljunky · 06-02-2012, 08:30 PM

Hi everyone!

My question is pretty straight-forward.
I have a mail server running on a desktop, and I want to be notified for each failed login attempt on the machine. Someone types a wrong password => e-mail to root.

By default I am already notified by failed sudo's.

I've searched a lot but I couldn't find the way.
I imagine it's done through PAM, right?

Thank you in advance.

unSpawn · 06-03-2012, 04:34 AM

Quote:

Originally Posted by milljunky

I want to be notified for each failed login attempt on the machine. Someone types a wrong password => e-mail to root.

I always wonder how one would prioritize it when faced with a gazillion alerts happening in a short period of time, what happens when the recipient isn't at his or her desk or doesn't get instant mail notifications, what happens if the MTA or route is down, what kind of security people think this provides or whatever else they want with instant notification?..

Quote:

Originally Posted by milljunky

I imagine it's done through PAM, right?

Anyway. If PAM is used then failures are logged to /var/log/secure or whatever else you configured (r)syslog(-ng) with and if not then the service may provide its own log file. Any log file can be watched with Logcheck, Swatch or a cronjob that greps the log file for strings and alerts you.

milljunky · 06-03-2012, 12:09 PM

Hi!

Of course I'm not relying all my security in it. It's just a test in a small workstation.
Thanks for your help.