From 39d47f2ea443f2d56b31301d65c10b1b4e40fb19 Mon Sep 17 00:00:00 2001
From: Renuka Manavalan <47282725+renukamanavalan@users.noreply.github.com>
Date: Thu, 24 Feb 2022 15:26:56 -0800
Subject: [PATCH] Send bad password log to /var/log/syslog and include user info in the log (#10032)
Why I did it Desired the log message destination to be syslog and it misses the critical info. How I did it Non logical code changes only. Logging update, just for one message only a) The log message is directed to /var/log/syslog, instead of /var/log/auth.log b) Include user alias in the message How to verify it Pick a user alias that has not logged into the switch yet Add this alias to /etc/tacplus_user Attempt to login as that user Look for the error message in /var/log/syslog e.g. "Feb 18 19:16:41.592191 sonic ERR sshd[5233]: auth fail: Password incorrect. user: user_xyz"
---
 src/tacacs/pam/0007-handle-bad-password-set-by-sshd.patch | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/tacacs/pam/0007-handle-bad-password-set-by-sshd.patch b/src/tacacs/pam/0007-handle-bad-password-set-by-sshd.patch
index 36a96da77a..995f3ed9f3 100644
--- a/src/tacacs/pam/0007-handle-bad-password-set-by-sshd.patch
+++ b/src/tacacs/pam/0007-handle-bad-password-set-by-sshd.patch
@@ -1,6 +1,6 @@
-From f2687e7a442c83e19190695021fb9a60fe07ba60 Mon Sep 17 00:00:00 2001
+From 4ef102dfa137c2c6e3dd63c2d16f2966b6f5add8 Mon Sep 17 00:00:00 2001
 From: Renuka Manavalan
-Date: Wed, 17 Nov 2021 02:31:45 +0000
+Date: Fri, 18 Feb 2022 22:07:24 +0000
 Subject: [PATCH] handle bad password set by sshd
 ---
@@ -11,7 +11,7 @@ Subject: [PATCH] handle bad password set by sshd
 4 files changed, 49 insertions(+), 4 deletions(-)
 diff --git a/pam_tacplus.c b/pam_tacplus.c
-index ec8ea27..014421b 100644
+index ec8ea27..2421874 100644
 --- a/pam_tacplus.c
 +++ b/pam_tacplus.c
 @@ -251,6 +251,13 @@ int pam_sm_authenticate (pam_handle_t * pamh, int flags,
@@ -19,7 +19,7 @@ index ec8ea27..014421b 100644
 }
 + if (validate_not_sshd_bad_pass(pass) != PAM_SUCCESS) {
-+ syslog(LOG_ERR, "auth fail: Password incorrect");
++ syslog(LOG_LOCAL0|LOG_ERR, "auth fail: Password incorrect. user: %s", user);
 + memset(pass, 0, strlen (pass));
 + free(pass);
 + return PAM_AUTH_ERR;