[tac_plus] Mailing list and Syslog question

Daniel Schmidt daniel.schmidt at wyo.gov
Thu May 5 21:14:19 UTC 2011


I thought about that too, but the after-authentication script never gets
called on a failed login.

Actually, Mark was once working on a feature to lock accounts on failed
logins.  I would rather it locked on IP than on user, but I once used it and
it seemed to work quite well.

http://www.shrubbery.net/pipermail/tac_plus/2009-September/000508.html

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Alan McKinnon
Sent: Thursday, May 05, 2011 2:36 PM
To: tac_plus at shrubbery.net
Subject: Re: [tac_plus] Mailing list and Syslog question

Apparently, though unproven, at 19:29 on Thursday 05 May 2011, Paul Root did
opine thusly:

> Is there a mailling list to join for this?

Yes, it's the address you used. That I replied is proof it works ;-)

> Also, we are trying to get accounting to go to syslog. But it persists in
> sending to the file.
>
> How is syslog enabled for accounting?

I also tried to get this to work, and failed. The CHANGES file contains
this:

F4.0.4.16
        - Add 'accounting syslog;' configuration knob - mostly from Mark
          Ellzey Thomas

So there is some level of support. I could not find out how to set the
facility and priority, so I just let tac_plus write to the file (I wanted a
local copy anyway) and configured syslog-ng to read it and send the logs onto
my syslogger:

# Tacacs accounting logs
source s_tac_plus_acc {
    file("/var/log/tacacs/accounting",
         default-facility(local6),
         default-priority(info));
};
# Remote logging to syslogger
destination syslogger {
    tcp("xxx.xxx.xxx.xxx" port(514));
};
log { source(s_tac_plus_acc); destination(syslogger); };

Not the most elegant solution, and it does require you to keep your wits
about you if you change log filenames, but it does work. It's for syslog-ng;
AFAIR syslogd can be brutally assaulted into doing much the same.

> Lastly, is there a way to disable an account after X number of failed
> attempts?

Not inside the conf file to the best of my knowledge. You'll have to write an
external auth script that stores expiry and failed attempts info to do this.
Check the section "USING PROGRAMS TO DO AUTHORIZATION" in the manual bundled
with the sources.

Daniel Schmidt posted links to this very topic just yesterday so I'll assume
you've only just registered and missed it (unlucky you!). Here's the relevant
text reposted:

http://tacacs.org/

and this:
python do_auth.py | less

or maybe this:
http://www.shrubbery.net/pipermail/tac_plus/2011-March/000879.html

or this:
http://manpages.ubuntu.com/manpages/maverick/man8/do_auth.8.html

-- 
alan dot mckinnon at gmail dot com
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
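Added example, not code from tac_plus or from anyone on this thread: the
bookkeeping an external auth helper needs to do what Alan describes (store
failed attempts and an expiry, lock after X failures). tac_plus itself has no
such knob, so the state must live outside the daemon. The module keeps a
sliding window of failures per key, a lock with an expiry, and a JSON state
file guarded by flock() so concurrent tac_plus children do not race. The key
can be the client IP (Daniel's preference), the user name, or both. How
tac_plus invokes the helper and hands it the user name and client address is
left to the manual section "USING PROGRAMS TO DO AUTHORIZATION" and is not
reproduced here; the state file path and the thresholds are assumed,
illustrative values.

```python
"""Lockout bookkeeping for an external tac_plus auth helper (added example).

Assumptions, not taken from tac_plus or the thread: the state file path,
the thresholds, and the key naming scheme.  Wiring this into tac_plus's
program interface is up to the reader.
"""
import fcntl
import json
import os
import time
from contextlib import contextmanager
from typing import Dict, Iterator, List, Optional

STATE_FILE = "/var/lib/tac_plus/lockout.json"  # assumed path, not a tac_plus default


def lockout_key(user: str, client_ip: str, by: str = "ip") -> str:
    """Key the counter by client IP, by user, or by both.

    Keying by IP alone lets one host lock out everyone behind a NAT;
    keying by user alone lets a remote attacker lock out a real user.
    """
    if by == "ip":
        return f"ip:{client_ip}"
    if by == "user":
        return f"user:{user}"
    return f"user:{user}@{client_ip}"


class LockoutTracker:
    """Sliding-window failure counter with a timed lock, per key."""

    def __init__(self, state: Optional[Dict[str, dict]] = None, *,
                 max_failures: int = 5, window_seconds: int = 600,
                 lock_seconds: int = 900) -> None:
        self.state = state if state is not None else {}
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lock_seconds = lock_seconds

    def is_locked(self, key: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        return self.state.get(key, {}).get("locked_until", 0) > now

    def record_failure(self, key: str, now: Optional[float] = None) -> bool:
        """Count a failed login; return True if the key is (now) locked."""
        now = time.time() if now is None else now
        if self.is_locked(key, now):
            return True
        entry = self.state.setdefault(key, {"failures": [], "locked_until": 0})
        cutoff = now - self.window_seconds
        recent: List[float] = [t for t in entry["failures"] if t > cutoff]
        recent.append(now)
        if len(recent) >= self.max_failures:
            entry["failures"] = []
            entry["locked_until"] = now + self.lock_seconds
            return True
        entry["failures"] = recent
        return False

    def record_success(self, key: str) -> None:
        """A successful login clears the failure history for that key."""
        self.state.pop(key, None)


def decide(tracker: LockoutTracker, key: str, password_ok: bool,
           now: Optional[float] = None) -> str:
    """Helper-side decision: 'deny-locked', 'deny' or 'permit'.

    A locked key is denied before the password result is even looked at,
    so a correct password during the lock window does not unlock it.
    """
    if tracker.is_locked(key, now):
        return "deny-locked"
    if not password_ok:
        tracker.record_failure(key, now)
        return "deny"
    tracker.record_success(key)
    return "permit"


@contextmanager
def locked_state(path: str = STATE_FILE) -> Iterator[Dict[str, dict]]:
    """Load the JSON state under an exclusive flock, yield it, write it back."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "a+") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)   # released when fh is closed
        fh.seek(0)
        raw = fh.read()
        state = json.loads(raw) if raw.strip() else {}
        yield state
        fh.seek(0)
        fh.truncate()
        json.dump(state, fh)
        fh.flush()
        os.fsync(fh.fileno())
```

In the helper itself the flow would be `with locked_state() as state:` then
`decide(LockoutTracker(state), lockout_key(user, ip), password_ok)`, mapping
"permit" and the two deny results onto whatever exit status the manual
specifies for the program interface. Note that the lock is on the counter
key, so with `by="ip"` a burst of failures from one address locks that
address for every user, which is the trade-off Daniel refers to.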
