Date: Fri, 14 Jan 2005 19:18:17 -0500 From: Chuck Swiger <cswiger@mac.com> To: Sean Murphy <smurphy@calarts.edu> Cc: freebsd Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: passwd logging Message-ID: <41E86149.4040801@mac.com> In-Reply-To: <41E85E2A.7040907@calarts.edu> References: <41E85835.6030705@calarts.edu> <41E859B9.4080009@mac.com> <41E85E2A.7040907@calarts.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Sean Murphy wrote:
> Chuck Swiger wrote:
>> Look at syslogd (/etc/syslog.conf) and /var/log/security or
>> /var/log/auth.log, I suspect that what you want to see is already
>> being logged there.
>>
> I checked out syslog.conf and did not see what to uncomment to add the
> passwd logging it currently logs bad logins and su but not successful
> changed passwds then I had a look at /var/log/security but nothing was
> in that file. hmm would I have to add a line to the syslog.conf file to
> log this type of activity?
Take a look at the end of /usr/src/usr.bin/passwd/local_passwd.c:
[ ... ]
if (!pw_mkdb(uname))
pw_error((char *)NULL, 0, 1);
#ifdef LOGGING
syslog(LOG_DEBUG, "user %s changed their local password\n", uname);
#endif
return (0);
}
This message is being logged at DEBUG priority level, so I believe you should
change the line in /etc/syslog.conf from "auth.info" to "auth.debug" and
restart syslogd.
Or you could adjust this code to log using a higher priority (or write the
info to a file directly, or whatever else you like), and build and reinstall
the passwd binary with your changes.
--
-Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41E86149.4040801>