Bug 1344649 - rfe - pam_tally2 report all fail counts in secure log
Summary: rfe - pam_tally2 report all fail counts in secure log
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pam
Version: 7.2
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: Dalibor Pospíšil
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-10 09:08 UTC by Dalibor Pospíšil
Modified: 2016-06-10 10:08 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of: 1272158
Environment:
Last Closed: 2016-06-10 10:08:17 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Dalibor Pospíšil 2016-06-10 09:08:47 UTC
+++ This bug was initially created as a clone of Bug #1272158 +++

Description of problem:
 - RFE for pam_tally2 to report all fail counts in secure log

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:

Oct 15 11:04:48 el6server unix_chkpwd[1964]: password check failed for user (lockme)
Oct 15 11:04:48 el6server sshd[1962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=lockme
Oct 15 11:04:49 el6server sshd[1962]: Failed password for lockme from ::1 port 50904 ssh2
Oct 15 11:04:52 el6server unix_chkpwd[1965]: password check failed for user (lockme)
Oct 15 11:04:55 el6server sshd[1962]: Failed password for lockme from ::1 port 50904 ssh2
Oct 15 11:04:56 el6server unix_chkpwd[1966]: password check failed for user (lockme)
Oct 15 11:04:58 el6server sshd[1962]: Failed password for lockme from ::1 port 50904 ssh2
Oct 15 11:04:58 el6server sshd[1963]: Connection closed by ::1
Oct 15 11:04:58 el6server sshd[1962]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=lockme
Oct 15 11:05:02 el6server unix_chkpwd[1970]: password check failed for user (lockme)
Oct 15 11:05:02 el6server sshd[1968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=lockme
Oct 15 11:05:04 el6server sshd[1968]: Failed password for lockme from ::1 port 50905 ssh2
Oct 15 11:05:06 el6server sshd[1968]: pam_tally2(sshd:auth): user lockme (502) tally 5, deny 4
Oct 15 11:05:06 el6server unix_chkpwd[1971]: password check failed for user (lockme)
Oct 15 11:05:07 el6server sshd[1968]: Failed password for lockme from ::1 port 50905 ssh2
Oct 15 11:05:08 el6server sshd[1968]: pam_tally2(sshd:auth): user lockme (502) tally 6, deny 4
Oct 15 11:05:09 el6server unix_chkpwd[1972]: password check failed for user (lockme)
Oct 15 11:05:10 el6server sshd[1968]: Failed password for lockme from ::1 port 50905 ssh2
Oct 15 11:05:10 el6server sshd[1969]: Connection closed by ::1
Oct 15 11:05:10 el6server sshd[1968]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=lockme

Expected results:

Oct 15 11:04:48 el6server unix_chkpwd[1964]: password check failed for user (lockme)
Oct 15 11:04:48 el6server sshd[1962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=lockme
Oct 15 11:04:49 el6server sshd[1962]: Failed password for lockme from ::1 port 50904 ssh2
Oct 15 11:05:06 el6server sshd[1968]: pam_tally2(sshd:auth): user lockme (502) tally 2, deny 4
Oct 15 11:04:52 el6server unix_chkpwd[1965]: password check failed for user (lockme)
Oct 15 11:04:55 el6server sshd[1962]: Failed password for lockme from ::1 port 50904 ssh2
Oct 15 11:05:06 el6server sshd[1968]: pam_tally2(sshd:auth): user lockme (502) tally 3, deny 4
Oct 15 11:04:56 el6server unix_chkpwd[1966]: password check failed for user (lockme)
Oct 15 11:04:58 el6server sshd[1962]: Failed password for lockme from ::1 port 50904 ssh2
Oct 15 11:05:06 el6server sshd[1968]: pam_tally2(sshd:auth): user lockme (502) tally 4, deny 4
Oct 15 11:04:58 el6server sshd[1963]: Connection closed by ::1
Oct 15 11:04:58 el6server sshd[1962]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=lockme
Oct 15 11:05:02 el6server unix_chkpwd[1970]: password check failed for user (lockme)
Oct 15 11:05:02 el6server sshd[1968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=lockme
Oct 15 11:05:04 el6server sshd[1968]: Failed password for lockme from ::1 port 50905 ssh2
Oct 15 11:05:06 el6server sshd[1968]: pam_tally2(sshd:auth): user lockme (502) tally 5, deny 4
Oct 15 11:05:06 el6server unix_chkpwd[1971]: password check failed for user (lockme)
Oct 15 11:05:07 el6server sshd[1968]: Failed password for lockme from ::1 port 50905 ssh2
Oct 15 11:05:08 el6server sshd[1968]: pam_tally2(sshd:auth): user lockme (502) tally 6, deny 4
Oct 15 11:05:09 el6server unix_chkpwd[1972]: password check failed for user (lockme)
Oct 15 11:05:10 el6server sshd[1968]: Failed password for lockme from ::1 port 50905 ssh2
Oct 15 11:05:10 el6server sshd[1969]: Connection closed by ::1
Oct 15 11:05:10 el6server sshd[1968]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=lockme

Additional info:

Comment 1 Tomas Mraz 2016-06-10 09:29:00 UTC
pam_tally2 should not be used, it is deprecated.

Comment 2 Dalibor Pospíšil 2016-06-10 10:08:17 UTC
Ok than, I will restrict the test for rhel < 7


Note You need to log in before you can comment on or make changes to this bug.