|
 |
287c98 |
From 10086bc69663fa819277af244eeb5b629a2403b8 Mon Sep 17 00:00:00 2001
|
|
|
287c98 |
From: Deepak Das <ddas@redhat.com>
|
|
|
287c98 |
Date: Mon, 10 Oct 2022 21:21:35 +0530
|
|
|
287c98 |
Subject: [PATCH] pam_faillock: avoid logging an erroneous consecutive login
|
|
|
287c98 |
failure message
|
|
|
287c98 |
|
|
|
287c98 |
* modules/pam_faillock/pam_faillock.c (write_tally): Avoid logging
|
|
|
287c98 |
a consecutive login failure message for the root user in case when
|
|
|
287c98 |
even_deny_root is not set.
|
|
|
287c98 |
|
|
|
287c98 |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2082442
|
|
|
287c98 |
---
|
|
|
287c98 |
modules/pam_faillock/pam_faillock.c | 8 +++++---
|
|
|
287c98 |
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
287c98 |
|
|
|
287c98 |
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
|
|
|
287c98 |
index ddbb90e7..ca1c7035 100644
|
|
|
287c98 |
--- a/modules/pam_faillock/pam_faillock.c
|
|
|
287c98 |
+++ b/modules/pam_faillock/pam_faillock.c
|
|
|
287c98 |
@@ -374,9 +374,11 @@ write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
|
|
|
287c98 |
}
|
|
|
287c98 |
close(audit_fd);
|
|
|
287c98 |
#endif
|
|
|
287c98 |
- if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) {
|
|
|
287c98 |
- pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked",
|
|
|
287c98 |
- opts->user);
|
|
|
287c98 |
+ if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO) &&
|
|
|
287c98 |
+ ((opts->flags & FAILLOCK_FLAG_DENY_ROOT) || (opts->uid != 0))) {
|
|
|
287c98 |
+ pam_syslog(pamh, LOG_INFO,
|
|
|
287c98 |
+ "Consecutive login failures for user %s account temporarily locked",
|
|
|
287c98 |
+ opts->user);
|
|
|
287c98 |
}
|
|
|
287c98 |
}
|
|
|
287c98 |
|
|
|
287c98 |
--
|
|
|
287c98 |
2.38.1
|
|
|
287c98 |
|