passwd logging
Chuck Swiger
cswiger at mac.com
Fri Jan 14 16:19:13 PST 2005
Sean Murphy wrote:
> Chuck Swiger wrote:
>> Look at syslogd (/etc/syslog.conf) and /var/log/security or
>> /var/log/auth.log, I suspect that what you want to see is already
>> being logged there.
>>
> I checked out syslog.conf and did not see what to uncomment to add the
> passwd logging it currently logs bad logins and su but not successful
> changed passwds then I had a look at /var/log/security but nothing was
> in that file. hmm would I have to add a line to the syslog.conf file to
> log this type of activity?
Take a look at the end of /usr/src/usr.bin/passwd/local_passwd.c:
[ ... ]
if (!pw_mkdb(uname))
pw_error((char *)NULL, 0, 1);
#ifdef LOGGING
syslog(LOG_DEBUG, "user %s changed their local password\n", uname);
#endif
return (0);
}
This message is being logged at DEBUG priority level, so I believe you should
change the line in /etc/syslog.conf from "auth.info" to "auth.debug" and
restart syslogd.
Or you could adjust this code to log using a higher priority (or write the
info to a file directly, or whatever else you like), and build and reinstall
the passwd binary with your changes.
--
-Chuck
More information about the freebsd-questions
mailing list