How To Log Password Change
This is a discussion on How To Log Password Change within the Linux Security forums, part of the System Security and Security Related category; There have been a few posts about this, but no answer... Fedora Core 1 will send a bad password change ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-27-2004
|
|||
|
|||
How To Log Password Change
There have been a few posts about this, but no answer...
Fedora Core 1 will send a bad password change to syslog, but not a vanilla password change... Any suggestions on how I can log regular password changes? My first thought was to modify the source to passwd. So, I grabbed the source, did a grep on the text that a bad password change makes, but nothing pops up... So, then I looked at passwd.c, then I saw a bunch of PAM references, but I don't know how to send a successful password change to syslog... Any suggestions? 
|
|
08-27-2004
|
|||
|
|||
|
Re: How To Log Password Change
In article <8e2a9c5b.0408261936.10e7c3a3@posting.google.com >, Thu, 26 Aug
2004 20:36:22 -0700, "Bob Holding" <etchttpd@yahoo.com> wrote: > There have been a few posts about this, but no answer... > > Fedora Core 1 will send a bad password change to syslog, but not a > vanilla password change... Any suggestions on how I can log regular > password changes? > > My first thought was to modify the source to passwd. So, I grabbed the > source, did a grep on the text that a bad password change makes, but > nothing pops up... So, then I looked at passwd.c, then I saw a bunch of > PAM references, but I don't know how to send a successful password > change to syslog... > > Any suggestions? Do it deliberately, and monitor the logs. Then figure it out for yourself. --- -- Felix Tilley Rank: MAJ Fanatic Lartvocate FL# 555-LART
|
|
08-27-2004
|
|||
|
|||
|
Re: How To Log Password Change
Bob Holding wrote:
> There have been a few posts about this, but no answer... > > Fedora Core 1 will send a bad password change to syslog, but not a > vanilla password change... Any suggestions on how I can log regular > password changes? > > My first thought was to modify the source to passwd. So, I grabbed > the source, did a grep on the text that a bad password change makes, > but nothing pops up... So, then I looked at passwd.c, then I saw a > bunch of PAM references, but I don't know how to send a successful > password change to syslog... > > Any suggestions? If you like hacks then you can write a wrapper for passwd that logs the password change with logger to the system logs and then pass the command arguments to the real passwd. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac@bgsec.com bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAŅA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road"
|
|
08-28-2004
|
|||
|
|||
|
Re: How To Log Password Change
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message In comp.os.linux.security Bob Holding <etchttpd@yahoo.com> suggested: > There have been a few posts about this, but no answer... > Fedora Core 1 will send a bad password change to syslog, but not a > vanilla password change... Any suggestions on how I can log regular > password changes? > My first thought was to modify the source to passwd. So, I grabbed [..] No need, take a look at: /usr/share/doc/pam-*/txts/README.pam_pwdb And modify your pam configuration accordingly until it does what you want. Good luck -- Michael Heiming (GPG-Key ID: 0xEDD27B94) mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBMEtlAkPEju3Se5QRAkzDAJ96+JwQxsGe80yVXqvEUK 79qKxs0gCfYdWX 9tCviHk6UjoVwWfXMjIfn2M= =No5K -----END PGP SIGNATURE-----
|
|
08-28-2004
|
|||
|
|||
|
Re: How To Log Password Change
Michael Heiming <michael+USENET@www.heiming.de> wrote in message news:<5ku502-3lp.ln1@news.heiming.de>...
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > NotDashEscaped: You need GnuPG to verify this message > > In comp.os.linux.security Bob Holding <etchttpd@yahoo.com> suggested: > > There have been a few posts about this, but no answer... > > > Fedora Core 1 will send a bad password change to syslog, but not a > > vanilla password change... Any suggestions on how I can log regular > > password changes? > > > My first thought was to modify the source to passwd. So, I grabbed > [..] > > No need, take a look at: > /usr/share/doc/pam-*/txts/README.pam_pwdb > > And modify your pam configuration accordingly until it does what > you want. > > Good luck > ... Cool. Thanks for the tip! After doing a little more research I found http://www.kernel.org/pub/linux/libs...-6.html#ss6.19 and http://www.linux.cu/documentos/RedHa...admin-auth.htm The latter had this example for /etc/pam.d/passwd: #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok session required /lib/security/pam_pwdb.so So, if anyone else wants to log password changes, modify /etc/pam.d/passwd (your PAM configuration file(s) may vary...) and you're good to go... The above PAM passwd config works for me.
|
Linear Mode
