[NCLUG] Two easy? security questions...
Matt Clauson
mec at dotorg.org
Mon Sep 4 13:07:12 MDT 2000
On Mon, Sep 04, 2000 at 06:48:52PM +0000, dobbster wrote:
> Hi Matt,
>
> > First question... For reference, what Distro are you running?
>
> Mandrake 6.2.
Bring the CDs to the meeting tomorrow. We'll install it on the second
partition on my laptop and figure it out.
> > Second: Have you tried running 'find / -name 'btmp' -print' and seeing if
> > there are any more copies of that file out there?
>
> Yes... There is only one copy.
>
> > Third: Even though the manpage says btmp, on my Debian 2.2 box here, the
> > failed attempts are stored in /var/log/faillog, NOT /var/log/btmp. When
> > I run a find on it, in fact, I am told that no file named btmp exists. Of
> > course, that breaks the functionality of lastb.... when I link
> > /var/log/faillog to /var/log/btmp, however... it seems to click again.
>
> Interesting. I wasn't aware of faillog; I read the man page. I did
> attempt what you suggested, creating /var/log/faillog, and linking it to
> /var/log/btmp. Still, the log files remain empty.
Yeah, the Debian manpages don't reference faillog either, but that's where it
is, oddly enough. Something you might try doing is performing a 'bad login'
and then doing a search for files modified in, say, the past 15 minutes,
using the find command. You may be able to find the file by process of
elimination that way.
Also, on a meeting related topic: Sean, I'm still planning to bring that
video projector to the meeting. Drop me a note offlist if this needs to
change.
--Matt, the flunky
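
The process-of-elimination check suggested in the message above (cause a failed login, then look for files modified in the past 15 minutes), as an added shell example that is not part of the original message. The function names and the before/after checksum variant are assumptions of this example, and `-mmin` needs GNU or BSD find.

```shell
#!/bin/sh
# Added example: find out which log file a failed login is written to.

# recent_files DIR MINUTES
# Regular files under DIR whose contents changed less than MINUTES ago.
# Defaults follow the message: /var/log and 15 minutes.
recent_files() {
    dir=${1:-/var/log}
    mins=${2:-15}
    # -xdev keeps find on one filesystem, so a search from / skips /proc.
    find "$dir" -xdev -type f -mmin "-$mins" 2>/dev/null | LC_ALL=C sort
}

# snapshot DIR
# One "checksum size path" line per readable file. Take one snapshot
# before the failed login and one after it.
snapshot() {
    find "${1:-/var/log}" -xdev -type f -exec cksum {} + 2>/dev/null |
        LC_ALL=C sort
}

# changed_files BEFORE AFTER
# Paths that are new or whose checksum or size differs between snapshots.
# This narrows the result further than a time window does, because busy
# logs such as messages are also touched within any 15-minute span.
changed_files() {
    LC_ALL=C comm -13 "$1" "$2" | cut -d' ' -f3-
}

# Stand-alone use (run as root so every log file is readable):
#   sh script.sh recent              list files changed in the last 15 min
#   sh script.sh snap > before.txt   then fail a login on purpose
#   sh script.sh snap > after.txt
#   sh script.sh diff before.txt after.txt
if [ "${1:-}" = "recent" ]; then
    recent_files /var/log 15
elif [ "${1:-}" = "snap" ]; then
    snapshot /var/log
elif [ "${1:-}" = "diff" ]; then
    changed_files "$2" "$3"
fi
```

Write the snapshot files somewhere outside the directory being searched so they do not show up as changes themselves.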