I would need to configure SLES 11 SP3 to log bad login attemps from GUI login screen (KDE). I created file “/var/log/btmp” with touch and set correct permissions. Problem is that with “lastb” command I can see only bad login from ssh in a form :
username ssh:notty localhost/IP date time
in manual pages to last command it is stated that:
“lastb Same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.”
Audit works fine for me but if it is possible I would need to use lastb and btmp file…
I would need to configure SLES 11 SP3 to log bad login attemps from GUI login screen (KDE). I created file “/var/log/btmp” with touch and set correct permissions. Problem is that with “lastb” command I can see only bad login from ssh in a form :
username ssh:notty localhost/IP date time
in manual pages to last command it is stated that:
“lastb Same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.”
Audit works fine for me but if it is possible I would need to use lastb and btmp file…
Thanks a lot for any hint…
Regards
Peter[/QUOTE]
AFAICT there’s no support for btmp in PAM, which nowadays would be the place where this could get logged centrally. So (writing) btmp support currently needs to be provided by each and every application handling logins, with sshd being the most famous (and probably single) one doing so.
So if no-one else has more current information, I’d say you’re out of luck with regards to btmp and will have to stick to auditing.