How do I display the number of failed login attempts when a user logs in?

Latest response

Hi,

I have a RHEL 6.2 machine.

 

I am required by a customer to display the number of failed login attempts to the users account upon his login.

 

Currently (by default) when the user logs in (SSH) he gets the "Last login: " with the date of the last login.

I could not find where this is configured and how (if at all possible) I can add the # of failed login attempts to the display.

 

Thanks in advance,

Itamar

fu
Log in to join the conversation

Responses

TJ Guru 1883 points
11 April 2012 9:53 PM

Have you looked at pam_lastlog?

PAM_LASTLOG(8)                 Linux-PAM Manual                 PAM_LASTLOG(8)

NAME
       pam_lastlog - PAM module to display date of last login

SYNOPSIS
       pam_lastlog.so [debug] [silent] [never] [nodate] [nohost] [noterm]
                      [nowtmp] [noupdate] [showfailed]

DESCRIPTION
       pam_lastlog is a PAM module to display a line of information about the
       last login of the user. In addition, the module maintains the
       /var/log/lastlog file.

       Some applications may perform this function themselves. In such cases,
       this module is not necessary.

OPTIONS

[...DELETED FOR BREVITY...]

       showfailed
           Display number of failed login attempts and the date of the last
           failed attempt from btmp. The date is not displayed when nodate is
           specified.
fu Community Member 22 points
15 April 2012 7:00 AM

Thank you so much Thomas!

 

Got it to work!

I have modifiet the /etc/pam.d/sshd file, added the line "session  required  pam_lastlog.so silent showfailed"

working perfect!

 

Thanks again

Itamar