Thanks for the reply, Andy.
I just checked http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html , specifically, sec 4.11.*
** Please note that SULOG_FILE is mentioned NOWHERE in that document, and ought to be in 4.11.3.
The different behaviour of Debian 5.0 and 7, as mentioned
earlier in thread, is mentioned nowhere that I could see.
Debian 5.0 announces upon login that
%d failure since last login
where %d >0; else no
notification
Debian 7 does not check this information, AFAIK.
I managed to grep a mention of "pam_lastlog.so" in /etc/pam.d/login , but this appears not to function as above
in Debian 5.0, so I am mystified as to how Debian 5.0 is able to report on the number of failures since last login.
The sections of /etc/login.defs regarding "btmp" are identical in deb 5.0 and deb 7 , so it isn't that.
There are some changes (additions) to the /etc/pam.d/common-* files, but you'd need to be an expert in pam, which I'm not.
It shouldn't be this difficult to add '%d failure since last login' right before the motd to Debian 7, but I'm afraid it is for me.
Cheers
Le Dimanche 10 novembre 2013 20h17, Andy Smith <andy@bitfolk.com>
a écrit :