February 2013 - Not Blog

notblog@infinity:~$ faillog -u root
Login       Failures Maximum Latest                   On

root           13        0   02/25/13 10:17:11 +0000  /dev/pts/0

notblog@infinity:~$ faillog -u root

root 13 0 02/25/13 10:17:11 +0000 /dev/pts/0

Login: Attempted login user
Failures: Failed login attempts
Maximum: Allowed login failures before disabling the account
Latest: Date and time of last failed login
On: Where the failed login occurred

Step 1 – Enable pam_tally.so in /etc/pam.d/common-auth

Add the following lines to the top of the file:

# Log failed logins to /var/log/faillog
auth required pam_tally.so per_user magic_root onerr=fail

1 2	# Log failed logins to /var/log/faillog auth required pam_tally.so per_user magic_root onerr=fail

# Log failed logins to /var/log/faillog
auth required pam_tally.so per_user magic_root onerr=fail

# here are the per-package modules (the "Primary" block)
auth   [success=1 default=ignore]      pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so

...

# Log failed logins to /var/log/faillog

auth required pam_tally.so per_user magic_root onerr=fail

# here are the per-package modules (the "Primary" block)

auth [success=1 default=ignore] pam_unix.so nullok_secure

# here's the fallback if no module succeeds

auth requisite pam_deny.so

...

Step 2 – Enable pam_tally.so in /etc/pam.d/sshd

Add the following lines immediately before @include common-auth:

# Log failed login attempts to /var/log/faillog
auth required pam_tally.so per_user onerr=fail

1 2	# Log failed login attempts to /var/log/faillog auth required pam_tally.so per_user onerr=fail

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth       required     pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth       required     pam_env.so envfile=/etc/default/locale

# Log failed login attempts to /var/log/faillog
auth       required pam_tally.so per_user onerr=fail

# Standard Un*x authentication.
@include common-auth

# Disallow non-root logins when /etc/nologin exists.
account    required     pam_nologin.so

...

# Read environment variables from /etc/environment and

# /etc/security/pam_env.conf.

auth required pam_env.so # [1]

# In Debian 4.0 (etch), locale-related environment variables were moved to

# /etc/default/locale, so read that as well.

auth required pam_env.so envfile=/etc/default/locale

# Log failed login attempts to /var/log/faillog

auth required pam_tally.so per_user onerr=fail

# Standard Un*x authentication.

@include common-auth

# Disallow non-root logins when /etc/nologin exists.

account required pam_nologin.so

...

Step 3 – Enable PAM in /etc/ssh/sshd_config

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

# Set this to 'yes' to enable PAM authentication, account processing,

# and session processing. If this is enabled, PAM authentication will

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication. Depending on your PAM configuration,

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

UsePAM yes

Step 4 – Restart ssh

notblog@infinity:~$ sudo service ssh restart
ssh stop/waiting
ssh start/running, process 11717

notblog@infinity:~$ sudo service ssh restart

ssh stop/waiting

ssh start/running, process 11717

This short guide explains how to display Nginx statistics when a certain location is requested, usually at /nginx_status. For more information see the HttpStubStatusModule wiki page.

Active connections: 6 
server accepts handled requests
 1559 1559 7088 
Reading: 5 Writing: 1 Waiting: 0

Active connections: 6

server accepts handled requests

1559 1559 7088

Reading: 5 Writing: 1 Waiting: 0

Step 1 – Compile Nginx with HttpStupStatusModule

Displaying Nginx’s status requires the HttpStubStatusModule. This module is not included by default during compilation. If you installed Nginx from a package, it may have been included.

Pass the following flag during configuration to include HttpStubStatusModule:

--with-http_stub_status_module

1	--with-http_stub_status_module

Step 2 – Add location to site’s configuration file

Add the following to your site’s configuration file, optionally replacing /nginx_status with a custom location.

location /nginx_status {
  stub_status on;
  access_log off;
}

location /nginx_status {

stub_status on;

access_log off;

}

stub_status on indicates this location has a special function. Rather than displaying a file or directory, only statistics for Nginx will be shown.
access_log off disables logging for this location.

Step 3 – Limit access to the status page

Note that the status page by default will be public. To keep it private, consider:

Using a custom location that is hard to guess
Password protecting the page
Limiting the page to only your IP address

Month: February 2013

How to log failed login attempts (Ubuntu)

Step 1 – Enable pam_tally.so in /etc/pam.d/common-auth

Step 2 – Enable pam_tally.so in /etc/pam.d/sshd

Step 3 – Enable PAM in /etc/ssh/sshd_config

Step 4 – Restart ssh

How to display an Nginx status page using stub_status

Step 1 – Compile Nginx with HttpStupStatusModule

Step 2 – Add location to site’s configuration file

Step 3 – Limit access to the status page

Step 1 – Enable pam_tally.so in /etc/pam.d/common-auth

Step 2 – Enable pam_tally.so in /etc/pam.d/sshd

Step 3 – Enable PAM in /etc/ssh/sshd_config

Step 4 – Restart ssh

Share this:

Step 1 – Compile Nginx with HttpStupStatusModule

Step 2 – Add location to site’s configuration file

Step 3 – Limit access to the status page

Share this: