1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
\input texinfo @c -*-texinfo-*-
@c %**start of header
@setfilename cerberus-logging.info
@settitle cerberus-logging
@afourpaper
@documentencoding UTF-8
@documentlanguage en
@finalout
@c %**end of header
@dircategory Security
@direntry
* cerberus-logging: (cerberus-logging). Logging extension for cerberus.
@end direntry
@copying
Copyright @copyright{} 2014, 2015 Mattias Andrée
@quotation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
``GNU Free Documentation License''.
@end quotation
@end copying
@ifnottex
@node Top
@top cerberus-logging -- Logging extension for cerberus
@insertcopying
@end ifnottex
@titlepage
@title cerberus-logging
@subtitle Logging extension for cerberus
@author by Mattias Andrée (maandree)
@page
@vskip 0pt plus 1filll
@insertcopying
@end titlepage
@contents
@menu
* Overview:: Brief overview of @command{cerberus-logging}.
* GNU Free Documentation License:: Copying and sharing this manual.
@end menu
@node Overview
@chapter Overview
@command{cerberus-logging} is extension set to @command{cerberus}
for logging logins, logouts (possible but not implemented) and
failed login attempts. The only restriction @command{cerberus-logging}
has is that it cannot log what passphrase the user entered; this
is because @command{cerberus} does not provide that information.
The @command{cerberus-logging} package includes a shell script
named @file{logging} stored in @file{/usr/share/cerberus-logging}.
If you want to use this extension to @command{cerberus} either
link to it from @file{/etc/cerberusrc}@footnote{
@command{sudo ln -s /usr/share/cerberus-logging/logging /etc/cerberusrc}},
or from @file{/etc/cerberusrc} run
@command{env LOGIN_PID=$PPID /usr/share/cerberus-logging/logging}.
@command{cerberus-logging} includes five commands, all of which
are optional. These commands are used for logging events with
different logging systems.
@table @command
@item log-login-btmp
Log failed login attempt with the btmp system.
@item log-login-utmp
Log successful login with the utmp/wtmp system.
@item log-login-audit
Log successful or failed login attempt with the audit system.
@item log-login-lastlog
Log successful login with the lastlog system.
@item log-login-syslog
Log successful or failed login attempt with syslog.
@end table
Upon a successful login, before the login takes place,
@command{cerberus-logging} will run the user's
@file{~/.prelogin}, as the user, if that file exists
and is executable by both root and the user. This can
be used for printing information about the last login,
which can be done by adding the following shell
sequence to @file{~/.prelogin} and make it executable
by everyone (that can access your home directory, that
is, just you and root):
@example
echo 'Last login:' ; lastlog --user $USER | tail -n 1
@end example
@node GNU Free Documentation License
@appendix GNU Free Documentation License
@include fdl.texinfo
@bye
|
