in shadow-4.1.5.1/src/login.c, which reads /etc/login.defs for FAILLOG_ENAB:

#ifndef USE_PAM
    motd ();    /* print the message of the day */
    if (   getdef_bool ("FAILLOG_ENAB")
        && (0 != faillog.fail_cnt)) {
        failprint (&faillog);
        /* Reset the lockout times if logged in */
        if (   (0 != faillog.fail_max)
            && (faillog.fail_cnt >= faillog.fail_max)) {
            (void) puts (_("Warning: login re-enabled after temporary lockout."));
            SYSLOG ((LOG_WARN,
                     "login '%s' re-enabled after temporary lockout (%d failures)",
                     username, (int) faillog.fail_cnt));
        }
    }
etc...
Does anyone know why this segment of code is unused when USE_PAM is defined??
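
As an added illustration (not part of the original message and not shadow's own code), the C program below applies the same two tests as the quoted non-PAM branch to a faillog-style file of fixed-size records indexed by UID. The struct layout, the function names and the sample file name are assumptions, and the sample data is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed layout, modelled on shadow's struct faillog (not from the page). */
struct faillog_rec {
    short  fail_cnt, fail_max;  /* failures since last success; limit, 0 = none */
    char   fail_line[12];       /* line of the last failure */
    time_t fail_time;           /* time of the last failure */
    long   fail_locktime;       /* lockout duration in seconds */
};
static char last_msg[64];       /* notice text left by check_uid() */

/* Reads the fixed-size record at index `uid` (a UID past EOF counts as zeros).
 * Returns -1 on I/O error, else bit 0 = failures to report, bit 1 = at limit. */
int check_uid(const char *path, long uid, int faillog_enab)
{
    struct faillog_rec fl;
    FILE *fp = fopen(path, "rb");
    last_msg[0] = '\0';
    if (fp == NULL) return -1;
    if (fseek(fp, uid * (long) sizeof fl, SEEK_SET) != 0) { fclose(fp); return -1; }
    if (fread(&fl, sizeof fl, 1, fp) != 1) memset(&fl, 0, sizeof fl);
    fclose(fp);
    if (!faillog_enab || fl.fail_cnt == 0) return 0;  /* same tests as login.c */
    snprintf(last_msg, sizeof last_msg, "%d failure since last login", (int) fl.fail_cnt);
    return (fl.fail_max != 0 && fl.fail_cnt >= fl.fail_max) ? 3 : 1;
}

/* Constructed sample data: records for UIDs 0..2. Returns 0 on success. */
int write_sample(const char *path)
{
    struct faillog_rec r[3];
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) return -1;
    memset(r, 0, sizeof r);
    r[1].fail_cnt = 3;                     /* UID 1: three failures, no limit */
    r[2].fail_cnt = 5; r[2].fail_max = 5;  /* UID 2: count reached its limit */
    if (fwrite(r, sizeof r[0], 3, fp) != 3) { fclose(fp); return -1; }
    return fclose(fp) == 0 ? 0 : -1;
}

int main(void)
{
    if (write_sample("faillog.sample") != 0) return 1;
    for (long uid = 0; uid < 4; uid++)
        printf("uid %ld: flags=%d %s\n", uid, check_uid("faillog.sample", uid, 1), last_msg);
    return 0;
}
```
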
On Sunday, 10 November 2013 at 23:18, Max B <txtmb(a)yahoo.fr> wrote:
PS:
http://pkg-shadow.alioth.debian.org/coverage/shadow-4.1.5.1/libmisc/failure…
The string appears to be in the 'shadow' system.
Has the failure.c file been removed or modified from Debian?
On Sunday, 10 November 2013 at 22:02, Max B <txtmb(a)yahoo.fr> wrote:
Thanks for the reply, Andy.
I just checked
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html ,
specifically, sec 4.11.*
** Please note that SULOG_FILE is mentioned NOWHERE in that document, and ought to be in
4.11.3.
The different behaviour of Debian 5.0 and 7, as mentioned earlier in thread, is mentioned
nowhere that I could see.
Debian 5.0 announces upon login that
%d failure since last login
where %d >0; else no notification
Debian 7 does not check this information, AFAIK.
I managed to grep a mention of "pam_lastlog.so" in /etc/pam.d/login, but this
appears not to function as above in Debian 5.0, so I am mystified as to how Debian 5.0 is
able to report on the number of failures since last login.
The sections of /etc/login.defs regarding "btmp" are identical in deb 5.0 and
deb 7, so it isn't that.
There are some changes (additions) to the /etc/pam.d/common-* files, but you'd need to
be an expert in PAM, which I'm not.
It shouldn't be this difficult to add '%d failure since last login' right
before the motd to Debian 7, but I'm afraid it is for me.
Cheers
On Sunday, 10 November 2013 at 20:17, Andy Smith <andy(a)bitfolk.com> wrote:
Hello Max,
On Sun, Nov 10, 2013 at 07:11:33PM +0000, Max B wrote:
I just noticed (and was perturbed by) the fact that,
under Debian 7, the number of failures since last login is unavailable at the login.
The default under Debian 5.0 seems to have been set to report the number of failures
since last login (if there were any).
I haven't really noticed the difference. Does section 4.11.3 of this
not cover it then?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users