From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
btmp is the bad login records file. It is accessed from the lastb command. Login programs should write bad login attempts to this file. gdm doesn't do this, it only writes to utmp. There are security protection profiles that want all bad login attempts recorded.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. try to login using a bad password.
2. run lastb

Actual Results:
no results related to gdm.

Expected Results:
the date, time, and acct of the bad login attempt.

Additional info:
Code exists in util-linux/login and sshd that can be used with very little modification.
Created attachment 128198: add btmp logging, first cut

This is my first "it works for me" cut of the btmp logging. There are a few things I know about (feel free to let me know what you think):

. Patch is against 2.14.0-1
. Hostname logging untested (same as "audit" though).
. Later pam failures untested (ditto).
.. Note that audit doesn't get the username when the passwd is wrong though, so should probably trust it about as far as we can throw it.
. did_setcred path (last possible failure) might well not be correct.
. If using "selected_user" (face browser?) ... then bad passwd's aren't logged in btmp or audit.
. HAVE_UPDWTMP and _HAVE_UT_TV probably need to be in autoconf.
. Might want to move entire logbtmp() function to another file, so as to keep utmp.h namespace from current file.
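For readers following the thread, here is an added example of writing and reading back a bad-login record with updwtmp(); it is not the attached patch and not code from GDM, util-linux or sshd. The function names, the LOGIN_PROCESS record type and the file name btmp.example are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>
#include <utmp.h>

/* Append one failed-login record to a btmp-format file. updwtmp() returns
 * void and does not create the file, so writability is checked first. */
int log_failed_login(const char *path, const char *user,
                     const char *line, const char *host)
{
    struct utmp ut;
    struct timeval tv;
    if (!path || !user || !line || access(path, W_OK) != 0)
        return -1;
    memset(&ut, 0, sizeof(ut));
    ut.ut_type = LOGIN_PROCESS;   /* record type assumed for this example */
    ut.ut_pid = getpid();
    strncpy(ut.ut_user, user, sizeof(ut.ut_user));   /* fixed-width fields */
    strncpy(ut.ut_line, line, sizeof(ut.ut_line));
    strncpy(ut.ut_host, host ? host : "", sizeof(ut.ut_host));
    gettimeofday(&tv, NULL);
    ut.ut_tv.tv_sec = tv.tv_sec;
    ut.ut_tv.tv_usec = tv.tv_usec;
    updwtmp(path, &ut);
    return 0;
}

/* Count records for `user` by reading fixed-size struct utmp entries. */
int count_failed_logins(const char *path, const char *user)
{
    struct utmp ut;
    int n = 0;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    while (fread(&ut, sizeof(ut), 1, f) == 1)
        if (strncmp(ut.ut_user, user, sizeof(ut.ut_user)) == 0)
            n++;
    fclose(f);
    return n;
}

int main(void)
{
    const char *path = "btmp.example";  /* constructed path, not /var/log/btmp */
    FILE *f = fopen(path, "wb");        /* the file must exist before logging */
    if (f) fclose(f);
    log_failed_login(path, "alice", ":0", NULL);
    return count_failed_logins(path, "alice") == 1 ? 0 : 1;
}
```

Because updwtmp() gives no error indication, a missing or unwritable btmp file would otherwise silently drop every bad-login record; the access() check makes that case visible to the caller.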
Thanks James, This looks pretty good as a first cut. I'm in the process of rewriting some of the PAM code in GDM right now, so as I'm working on that I'll fold this in.
So what's the status on this? We are losing valuable testing time.
It didn't make test1, it will definitely make test2.
I've integrated btmp (and wtmp so we can ditch calling /usr/bin/sessreg) logging support into the PAM code rewrite. It's not ready to be committed yet, however. I'll post an update when the patch lands in rawhide.
The PAM requires some changes to GDM that won't be done by RHEL-5, so I implemented this functionality separately in the meantime.