\input texinfo @c -*-texinfo-*- @c %**start of header @setfilename cerberus-logging.info @settitle cerberus-logging @afourpaper @documentencoding UTF-8 @documentlanguage en @finalout @c %**end of header @dircategory Security @direntry * cerberus-logging: (cerberus-logging). Logging extension for cerberus. @end direntry @copying Copyright @copyright{} 2014, 2015 Mattias Andrée @quotation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled ``GNU Free Documentation License''. @end quotation @end copying @ifnottex @node Top @top cerberus-logging -- Logging extension for cerberus @insertcopying @end ifnottex @titlepage @title cerberus-logging @subtitle Logging extension for cerberus @author by Mattias Andrée (maandree) @page @vskip 0pt plus 1filll @insertcopying @end titlepage @contents @menu * Overview:: Brief overview of @command{cerberus-logging}. * GNU Free Documentation License:: Copying and sharing this manual. @end menu @node Overview @chapter Overview @command{cerberus-logging} is extension set to @command{cerberus} for logging logins, logouts (possible but not implemented) and failed login attempts. The only restriction @command{cerberus-logging} has is that it cannot log what passphrase the user entered; this is because @command{cerberus} does not provide that information. The @command{cerberus-logging} package includes a shell script named @file{logging} stored in @file{/usr/share/cerberus-logging}. If you want to use this extension to @command{cerberus} either link to it from @file{/etc/cerberusrc}@footnote{ @command{sudo ln -s /usr/share/cerberus-logging/logging /etc/cerberusrc}}, or from @file{/etc/cerberusrc} run @command{env LOGIN_PID=$PPID /usr/share/cerberus-logging/logging}. @command{cerberus-logging} includes five commands, all of which are optional. These commands are used for logging events with different logging systems. @table @command @item log-login-btmp Log failed login attempt with the btmp system. @item log-login-utmp Log successful login with the utmp/wtmp system. @item log-login-audit Log successful or failed login attempt with the audit system. @item log-login-lastlog Log successful login with the lastlog system. @item log-login-syslog Log successful or failed login attempt with syslog. @end table Upon a successful login, before the login takes place, @command{cerberus-logging} will run the user's @file{~/.prelogin}, as the user, if that file exists and is executable by both root and the user. This can be used for printing information about the last login, which can be done by adding the following shell sequence to @file{~/.prelogin} and make it executable by everyone (that can access your home directory, that is, just you and root): @example echo 'Last login:' ; lastlog --user $USER | tail -n 1 @end example @node GNU Free Documentation License @appendix GNU Free Documentation License @include fdl.texinfo @bye