
#Log_3- PAM (Pluggable Authentication Modules) Logs

Submitted by BURST, Thread ID: 113906

30-12-2018, 04:01 AM
PAM (Pluggable Authentication Modules): a system that lets you define different authentication methods per service. On older Linux systems, when a program such as "su", "login" or "passwd" wanted to authenticate the user, it read the required information from the /etc/passwd file.

Records from pam_unix may be in different formats depending on the operating system. It can cause many problems when it breaks down.

Available Formats:
Code:
process_name(pam_unix)[pid]:
process_name[pid]: (pam_unix)
process_name: pam_unix(process_name):


Successful Login:

Code:
Jul 7 10:51:24 srbarriga su(pam_unix)[14592]: session opened for user test2 by (uid=10101)
Jul 7 10:52:14 srbarriga sshd(pam_unix)[17365]: session opened for user test by (uid=508)
Nov 17 21:41:22 localhost su[8060]: (pam_unix) session opened for user root by (uid=0)
Nov 11 22:46:29 localhost vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=1.2.3.4


Signed Out:
Code:
Jul 7 10:53:07 srbarriga su(pam_unix)[14592]: session closed for user test

Login Incorrect:

Code:
Jul 7 10:55:56 srbarriga sshd(pam_unix)[16660]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.20.111 user=root
Jul 7 10:59:12 srbarriga vsftpd(pam_unix)[25073]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.20.111


Login Attempt with Invalid User:
Code:
Jul 7 10:59:49 srbarriga vsftpd(pam_unix)[25073]: check pass; user unknown
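
A parser that normalizes the three pam_unix layouts listed above and counts authentication failures per remote host, added here as an example (it is not part of the original post). The function names and record layout are this example's own, and the sample lines are copied from the post.

```python
import re
from collections import Counter

# Syslog header ("Mon D HH:MM:SS host proc") followed by one of the three
# pam_unix prefix layouts listed in the post.
HEADER = r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<proc>[^\s(\[:]+)"
FORMATS = [re.compile(HEADER + tail + r"\s(?P<msg>.*)$") for tail in (
    r"\(pam_unix\)\[(?P<pid>\d+)\]:",               # proc(pam_unix)[pid]:
    r"\[(?P<pid>\d+)\]:\s\(pam_unix\)",             # proc[pid]: (pam_unix)
    r"(?:\[(?P<pid>\d+)\])?:\spam_unix\([^)]*\):",  # proc: pam_unix(...): (pid optional, assumption)
)]

def parse_pam_unix(line):
    """Return a normalized record for a pam_unix line, or None if it is not one."""
    m = next(filter(None, (rx.match(line) for rx in FORMATS)), None)
    if m is None:
        return None
    rec = {"host": m["host"], "proc": m["proc"], "pid": m["pid"],
           "event": "other", "user": None, "fields": {}}
    msg = m["msg"]
    s = re.match(r"session (opened|closed) for user (\S+)", msg)
    if s:
        rec.update(event="session_" + s[1], user=s[2])
    elif msg.startswith("authentication failure;"):
        # key=value pairs; empty values such as "tty=" are kept as "".
        fields = dict(re.findall(r"(\w+)=(\S*)", msg))
        rec.update(event="auth_failure", fields=fields, user=fields.get("user"))
    elif msg.startswith("check pass; user unknown"):
        rec["event"] = "unknown_user"
    return rec

def failures_by_rhost(lines):
    # Count authentication failures per source host across all layouts.
    recs = filter(None, map(parse_pam_unix, lines))
    return Counter(r["fields"].get("rhost") or "local"
                   for r in recs if r["event"] == "auth_failure")

# Sample lines copied from the post, one or more per layout.
SAMPLE = [
    "Jul 7 10:51:24 srbarriga su(pam_unix)[14592]: session opened for user test2 by (uid=10101)",
    "Nov 17 21:41:22 localhost su[8060]: (pam_unix) session opened for user root by (uid=0)",
    "Nov 11 22:46:29 localhost vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=1.2.3.4",
    "Jul 7 10:53:07 srbarriga su(pam_unix)[14592]: session closed for user test",
    "Jul 7 10:55:56 srbarriga sshd(pam_unix)[16660]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.20.111 user=root",
    "Jul 7 10:59:12 srbarriga vsftpd(pam_unix)[25073]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.20.111",
    "Jul 7 10:59:49 srbarriga vsftpd(pam_unix)[25073]: check pass; user unknown",
]
if __name__ == "__main__":
    print(failures_by_rhost(SAMPLE))
```

Normalizing all three layouts into one record means a failure counter or alert rule keyed on `rhost` does not silently miss hosts that log in a different format.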