I have a simple bash script that takes a picture of the user with my webcam, I want it to run when a login attempt fails.
I understand messing with the login is a terrible security risk...
But I want know, is it possible.
I have a simple bash script that takes a picture of the user with my webcam, I want it to run when a login attempt fails.
I understand messing with the login is a terrible security risk...
But I want know, is it possible.
Interesting question. I am watching the thread.
I have also another approach. Maybe it is easier to just take a pick of whoever tries to log in.
putting your script before the login attempt, would almost surely prove easier than running it after a failed attempt
AMD Phenom II X3 720 Black Edition 2,8 GHz - GIGABYTE GA-MA770T-UD3P - 6 GB RAM Mushkin DDR3 1333 - ZOTAC GeForce 9800 GT 1 GB DDR3
You could set up a script to run on boot which checks /var/log/auth.log every 5 seconds or so.
I was thinking of something like the log checker but I figured since there is already an event [failed login] I could try and tap into that.script to run on boot which checks /var/log/auth.log every 5 seconds
This would work for an initial login attempt but I also want it to take a picture of failed logins after I lock my screen.Maybe it is easier to just take a pick of whoever tries to log in
Thank you for the feed back and the quick responses.
I took everyones suggestions and threw this script together.
I needed to install 'gstreamer' and to change auth.log permissions to 666 for it to work.
To prevent the script from just looping until more logs are dumped into 'auth.log' I have the echo \n\n\n... line.
I hate it, if anyone has a better idea please let me know.
Also, as you can see caps 1 and 2 are just deleted. This is because my camera needs a second or two to kick on (i guess) and the first two pics are either black or garbled.
If anyone has any better ideas, or knows how to incorporate it into my original question [Run script on failed log attempt] ((I.E without a constantly running while loop))Code:! /bin/bash cd /home/USER/Pictures/Webcam/ LOG="/var/log/auth.log" while true do TIMESTAMP=$(date +%R.%S-%B-%d) TRIGGER=$(tail $LOG | grep "fail" | wc -l) if [ $TRIGGER -gt 0 ] then streamer -t 10 -r 1 -s 640x480 -o cap00.jpeg > /dev/null cp cap03.jpeg $TIMESTAMP\ 1.jpg cp cap04.jpeg $TIMESTAMP\ 2.jpg cp cap05.jpeg $TIMESTAMP\ 3.jpg cp cap06.jpeg $TIMESTAMP\ 4.jpg cp cap07.jpeg $TIMESTAMP\ 5.jpg rm cap* echo -e "\n\n\n\n\n\n\n\n\n\n" >> /var/log/auth.log fi done
Please post.
I have another idea.
/var/log/auth could be watched with inotify for changes.
You would need a startup script at boot, for inotify
This would then call on your webcam script every time the log get modified
If you use the 2 scripts approach, the first one would be good for anyone wanting to run a script at failed logon.
EDIT: this probably helps, but I am no good at C...
http://ik.homelinux.org/index.rhtml/projects/c/inotify
Last edited by bruno9779; June 14th, 2010 at 08:15 PM.
AMD Phenom II X3 720 Black Edition 2,8 GHz - GIGABYTE GA-MA770T-UD3P - 6 GB RAM Mushkin DDR3 1333 - ZOTAC GeForce 9800 GT 1 GB DDR3
I have also found this:
http://pwet.fr/man/linux/administration_systeme/famd
but it also involves system calls.
This is another approach yet using stat:
http://nixcraft.com/shell-scripting/...te-script.html
Last edited by bruno9779; June 14th, 2010 at 08:34 PM.
AMD Phenom II X3 720 Black Edition 2,8 GHz - GIGABYTE GA-MA770T-UD3P - 6 GB RAM Mushkin DDR3 1333 - ZOTAC GeForce 9800 GT 1 GB DDR3
Update:
I did run into a few strange problems after incorporating this script. My virtual box 'ose... something or other' would fail to start and some other emulation devices would freeze at odd intervals. To fix this I added a "sleep 1" after the while true ; do"
This drastically dropped the PC usage %'s and solved the Vbox and other issues while still doing it's job.
Since no one has touched this thread in about 2 weeks I will just figure this solution is the best solution ( does anyone else smell a challenge? ).
I guess this is the best we can do.
[Solved]
The only way to do this properly is to hook it into PAM.
PAM already processes the failed login attempt by reporting it in the log.
I looked into this a bit and found an elegant way to do it.
Edit the /etc/pam.d/common-auth file and insert this line immediately before the line with pam_deny.so module,
auth [default=ignore] pam_exec.so seteuid /usr/bin/grab
Now edit the two lines above (pam_unix and pam_winbind) and change the success=2 to success=3 and likewise success=1 to success=2. This has it skip an extra line when auth is successful. So it skips our script.
That's it. Make a script /usr/bin/grab to do what you want when login fails.
I used ffmpeg since I had that already and this is mine,
Note it must return 0. Of course, you can have it do whatever.Code:#!/bin/bash ts=`date +%s` ffmpeg -f video4linux2 -s vga -i /dev/video0 -vframes 3 /tmp/vid-$ts.%01d.jpg exit 0
It would be good to save a short video actually.
Last edited by BkkBonanza; September 10th, 2010 at 01:05 PM.
Bookmarks