Red Hat Bugzilla – Bug 170562
add audit message to pam_tally
Last modified: 2015-01-07 19:10:54 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7
Description of problem:
We need pam_tally to emit an audit record when it locks an account.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. do bad logins
2. look in audit records after account is locked
Actual Results: No records other than mod to passwd file. This doesn't tell what account was affected.
I will provide a patch to provide this capability. This should be a very short patch 5-6 lines of code. open audit socket, send message, close socket.
Created attachment 120524 [details]
patch adding extra audit messages to pam_tally
This is the current patch that I'm testing against rawhide. It will require
audit-libs >= 1.0.9 since the audit daemon doesn't understand the message type.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.