Failed Login Check
This Check scans the system authentication log - defaulting to /var/log/messages where no system authentication logs are found - failing where the number of failed login attempts in the previous 24 hours exceeds the threshold value.
The strings the Agent searches for are included in the file hacker_patterns which is downloaded to /usr/local/rmmagent as part of the installation and upgrade process.
hacker_patterns currently contains the following strings:
- Authentication Failure
- authentication failure
- password check failed
- incorrect password attempts
- Invalid user
- Failed publickey for invalid user
- Failed password for invalid user
- Failed keyboard-interactive for invalid user
- Too many authentication failures
- more authentication failures
- not allowed because not listed in AllowUsers
Although we realize that on some devices there may be other strings you wish to search for - for example those created by a custom application - and these can be entered in the file hacker_patterns_custom also available in /usr/local/rmmagent/
Dashboard Check configuration
Add
- Select the device in the north pane of the Dashboard
- Go to the Checks tab
- Click Add Check
- Choose Add DSC Check > Failed Login Check
-
Enter the Threshold value.
- Click OK to save and apply
Edit
- Select the device in the north pane of the Dashboard
- Go to the Checks tab
- Select the target Failed Login Check
- From the Check drop-down
- Click Edit Check (also available from the Check's right-click menu)
- Configure the settings
- Click OK to save and apply
Delete
- Select the device in the north pane of the Dashboard
- Go to the Checks tab
- Select the target Failed Login Check
- From the Check drop-down
- Click Delete Check (also available from the Check's right-click menu)
- Enter the password you have logged into the Dashboard under to confirm removal
- Click OK to delete
The Failed Login Check was previously known as the Hacker Check with this renamed in Dashboard v5.44.5 to more accurately reflect the Check's function.