On 06/11/2014 01:56 AM, Florian HEGRON wrote: >> Is there a way to display that 'failed logins' message without using >> gdm/kdm/xdm? > > Hello, > > See that : http://linux.die.net/man/8/faillog > > I am not on my Gentoo machine so I don't know if the faillog file is really > present.
Very good clue, thanks. After several hours of poking around in /etc I know a lot more and understand less :) I enabled a few settings in /etc/login.defs that *should* have worked (according to the man pages) but had no effect at all. I found some appropriate failed login messages in /var/log/auth.log, as specified by this line in /etc/syslog.conf: #grep -r auth.log /etc syslog.conf:auth,authpriv.* /var/log/auth.log I should confess that I'm running systemd instead of openrc and I'm using my own hacked config files in /etc/systemd/ to run syslogd: #cat /etc/systemd/system/sklogd.service [Unit] Description=The syslogd half of sysklogd [Service] Type=forking EnvironmentFile=/etc/init.d/sysklogd ExecStart=/usr/sbin/syslogd -m 0 [Install] WantedBy=multi-user.target Maybe failed logins should be logged by journalctl now instead of sys-apps/shadow? I see entries from systemd-logind about successful logins but nothing about failed logins. (I've deliberately caused many failed logins just for the purpose of spamming the system logs.) Any additional clues would be much appreciated, thanks.
