Ask Your Question
2

How to run a script on every failed login attempt on lock screen?

asked 2016-07-01 12:02:37 -0600

vikas_kr gravatar image

I have written a shell script to create a log. I want to run it on every failed login attempt. How to configure pam files for this in fedora 23/24?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2016-07-28 16:18:14 -0600

ssieb gravatar image

You could have a background script run as root and watch the system log for messages. journalctl -f -t unix_chkpwd should pick up every password failure as it happens. Or journalctl -f -t gdm-password] will show various information including password failures from gdm. And yes, that right square bracket is necessary in F23 and F24, probably a bug somewhere.

You can also use PAM to do it. If you ever use authconfig, it will get overwritten and your changes will be lost. password-auth is a link to password-auth-ac, so edit /etc/pam.d/password-auth-ac. After this line:

auth        sufficient    pam_unix.so nullok try_first_pass

add:

auth        optional      pam_exec.so /your/script/here.sh

The script will run as root in the context of gdm. See man pam_exec for some more info.

edit flag offensive delete link more

Question Tools

Stats

Asked: 2016-07-01 12:02:37 -0600

Seen: 428 times

Last updated: Jul 28 '16