Configure syslog to print the Security violation alarm on user terminal

linuxexplore — Tue, 15 Sep 2009 18:26:12 +0000

Open the /etc/rsyslog.conf file for syslog configuration in fedora Linux (some linux like CentOS has /etc/syslog.conf). It will show the something similar as given below:

# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.* /dev/console

# Log anything (except mail) of level info or higher.

# Don’t log private authentication messages!

*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.

authpriv.* /var/log/secure

# Log all the mail messages in one place.

mail.* -/var/log/maillog

# Log cron stuff

cron.* /var/log/cron

# Everybody gets emergency messages

*.emerg *

# Save news errors of level crit and higher in a special file.

uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log

local7.* /var/log/boot.log

Add a new line in this file, as follows:

# root will gets login failure messages on its terminal

authpriv.warning root

You can also add multiple users with comma separated like

# root will gets login failure messages on its terminal

authpriv.warning root,Rahul

After doing the changes on syslog configuration file, restart the syslog service by following command.

# service rsyslog start

Now you can get the live information directly on your terminal, if someone trying to do a password attack.

Linux Explore » password voilation

Configure syslog to print the Security violation alarm on user terminal