On Thursday 22 October 2009 10:54:17 am John Summerfield wrote:
> Login failures are recorded, use logwatch to summarise them and read
> them. If it matters enough, configure syslog to record them to a pipe
> and monitor them in real time. A package called pop-before-smtp provides
> model code you could adapt. Basically, it uses regexes to scan the log
> and does something when it gets a match.

Logins are recorded to the audit system, too. You can use aureport to spot
either failed logins or failed use of authentication.

aureport --start this-week --login --failed -i
aureport --start this-week --auth --failed -i

Also, a small plugin could be written to scan audit events in realtime.
There is a sample plugin here:

https://fedorahosted.org/audit/browser/trunk/contrib/plugin

that can be used as a starting point.

-Steve
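
An added example, not part of the original message and not the audit project's own code: a small Python filter in the spirit of the regex-based scanning discussed above, counting failed USER_LOGIN and USER_AUTH records per account and source address. It assumes text records in the raw audit log layout; the sample records, the threshold and every function name are constructed for illustration.

```python
import re
import sys
from collections import Counter

HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\):")
ACCT = re.compile(r'\bacct="?([^"\s:]+)')
ADDR = re.compile(r"\baddr=([^\s,)']+)")
RES = re.compile(r"\bres=(\w+)")
WATCHED = {"USER_LOGIN", "USER_AUTH"}  # login and authentication records

# Constructed sample records, not taken from the post or from a real system.
_FMT = ("type={t} msg=audit(1256223257.{n}:{n}): user pid=2101 uid=0 "
        "auid=4294967295 msg='PAM: authentication acct=\"{a}\" : "
        "exe=\"/usr/sbin/sshd\" (hostname=?, addr={ip}, terminal=ssh res={r})'")
SAMPLE = [_FMT.format(t=t, n=500 + i, a=a, ip=ip, r=r) for i, (t, a, ip, r) in enumerate([
    ("USER_AUTH", "root", "192.0.2.10", "failed"),
    ("USER_AUTH", "root", "192.0.2.10", "failed"),
    ("USER_AUTH", "alice", "192.0.2.20", "success"),
    ("USER_AUTH", "root", "192.0.2.10", "failed"),
    ("USER_LOGIN", "root", "192.0.2.10", "failed"),
])]
SAMPLE.append("type=SYSCALL msg=audit(1256223257.900:900): arch=c000003e syscall=2 success=no")

def parse_record(line):
    """Return (type, serial, acct, addr, res) for a watched record, else None."""
    head = HEADER.match(line)
    res = RES.search(line)
    if not head or head.group(1) not in WATCHED or not res:
        return None
    acct, addr = ACCT.search(line), ADDR.search(line)
    return (head.group(1), int(head.group(3)),
            acct.group(1) if acct else "?",
            addr.group(1) if addr else "?",
            res.group(1))

def failed_by_source(lines):
    """Count failed records keyed by (record type, account, source address)."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec[4] == "failed":
            counts[(rec[0], rec[2], rec[3])] += 1
    return counts

def over_threshold(counts, threshold=3):
    """Keys whose failure count reached the (assumed) alert threshold."""
    return sorted(key for key, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    # Feed it records on stdin, or run it with no input to use SAMPLE.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    counts = failed_by_source(source)
    for key in over_threshold(counts):
        print(counts[key], "failures:", *key)
```

Counts are kept per record type so that a single rejected attempt that produces both a USER_AUTH and a USER_LOGIN record is not counted twice under one key.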
