[lfs-support] 6.06 Creating Essential Files and Symlinks

Qrux qrux.qed at gmail.com
Tue Feb 14 18:05:09 PST 2012


On Feb 14, 2012, at 6:25 AM, Andrew Benton wrote:

> On Mon, 13 Feb 2012 16:53:25 -0800
> Qrux <qrux.qed at gmail.com> wrote:
> 
>> "Empirical" testing shows that login writes to btmp.  I infer, from that description given at TLDP, that everything that logs a bad-login attempt (e.g., login) ought to be writing to this file.  It is NOT an SSH-specific thing.
> 
> You appear to be wrong. login writes to /var/log/wtmp,
> not /var/login/btmp. If I try to login as root (on tty1) and
> enter the wrong password nothing gets written to /var/login/btmp. Maybe
> login _should_ be writing the failed login attempt to /var/log/btmp,
> maybe login is broken?

That's very interesting.  Here's what I see when I do it:

==
xlapp [/var/log] # strings btmp
tty1
root
tty1
UNKNOWN
tty1
UNKNOWN
ssh:notty
qrux
192.168.0.4
==

First, a bad attempt as root (tty1, obv).  Then, bad attempt as user 'hello', then bad attempt as user 'world', then bad attempt via ssh.  I can't confirm it's 'login' that's writing the entry, but something other than SSH is, and I don't have PAM.

Did you do this *before* or *after* you corrected the perms in btmp?

> The only application on my system that writes to /var/login/btmp is
> ssh, so I suggest that we move creating this file to the ssh page in
> BLFS.

Also, did you install shadow from LFS?

Because I see this in my /etc/login.defs:

	xlapp [/var/log] # grep tmp /etc/login.defs 
	# If defined, login failures will be logged here in a utmp format.
	# last, when invoked as lastb, will read /var/log/btmp, so...
	FTMP_FILE	/var/log/btmp

And I see this in in shadow:

	xlapp [~/lfs/src/shadow-4.1.4.3/etc] # grep tmp login.defs
	# If defined, login failures will be logged here in a utmp format.
	# last, when invoked as lastb, will read /var/log/btmp, so...
	FTMP_FILE	/var/log/btmp

I assume (perhaps tacitly) that this is being installed on your system, too, if you're installing shadow.  Again, IDK if it's login that's writing to this file.  But something is.  Your data differs from mine, but I don't think that qualifies my data as being "wrong".  LOL

	Q




More information about the lfs-support mailing list