Mikael Göransson

Take pictures during failed login attempts

Got the idea that I wanted to take some pictures if there’s a failed login attempt on my laptop. A quick Google search and this is the way to do it:

Start off by creating a script that uses ffmpeg to take a picture with the webcam. I stored it in /usr/local/bin/failed-login.sh:

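#!/usr/bin/env bash
# Take a single webcam frame; called by pam_exec on a failed login.

DIR="${HOME}/Pictures/Failed Login"
FILE="failed-${HOSTNAME}-$(date +%Y%m%d-%H%M%S).jpg"

# Make sure the target directory exists before ffmpeg writes to it.
mkdir -p "${DIR}"

# Grab one VGA-sized frame from the first V4L2 device, quietly.
ffmpeg -loglevel panic \
    -f video4linux2 \
    -s vga \
    -i /dev/video0 \
    -vframes 1 \
    "${DIR}/${FILE}" >/dev/null

# Always exit 0 so a camera error is never reported as a script failure.
exit 0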

In my actual case, I’m storing the pictures on my Google Drive.

If you have a web server, it’s a nice feature to make the script upload the pictures there. This will only work, however, if your most used wireless connections are marked with `All users may connect to this network`, so that you have internet access from the login screen. You also need to have public key authentication set up for the user you’re going to use. The line below can then be added after the ffmpeg call:

{ scp -i /home/user/.ssh/id_rsa "${DIR}/${FILE}" user@www.example.com:/var/www/pictures && rm "${DIR}/${FILE}"; } || true

Don’t forget to make it executable with chmod +x /usr/local/bin/failed-login.sh.

Run it manually and make sure that the pictures are stored in ${DIR}.

The last thing is to modify /etc/pam.d/common-auth to run the script when there’s a failed login attempt. We want to change the following line:

auth   [success=1 default=ignore]      pam_unix.so nullok_secure

To:

auth   [success=2 default=ignore]      pam_unix.so nullok_secure

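I.e. success=1 becomes success=2. The number is how many of the following modules PAM skips when pam_unix succeeds, so with the extra pam_exec line in place a successful login has to skip two lines (the script and pam_deny.so). This makes sure that the script isn’t executed for a successful login.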

After this line add the following:

auth    [default=ignore]                pam_exec.so seteuid /usr/local/bin/failed-login.sh

All in all, the file should look like this (without comments):

auth    [success=2 default=ignore]     pam_unix.so nullok_secure
auth    [default=ignore]                pam_exec.so seteuid /usr/local/bin/failed-login.sh
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so 
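
A check for the jump count in this stack, as an added example that is not part of the original post. The function names `pam_success_path` and `check_auth_stack` are hypothetical, and both sample stacks are constructed from the listing above; the second one leaves the count at 1, in which case a successful pam_unix skips only the script and lands on pam_deny.so.

```shell
# Added example (not from the original post): report what a successful
# pam_unix "success=N" jump skips and where it lands in an auth stack.
pam_success_path() {
    awk '
        $1 != "auth" { next }              # skip comments, blanks, @include
        {
            n++
            for (i = 2; i <= NF; i++)      # first field ending in .so is the module
                if ($i ~ /\.so$/) { mod[n] = $i; break }
            if (mod[n] == "pam_unix.so" && match($0, /success=[0-9]+/)) {
                unix = n
                jump = substr($0, RSTART + 8, RLENGTH - 8) + 0
            }
        }
        END {
            if (!unix) exit 2              # no pam_unix jump found
            for (i = unix + 1; i <= unix + jump && i <= n; i++) print "skip", mod[i]
            last = unix + jump + 1
            print "land", (last <= n ? mod[last] : "END-OF-STACK")
        }' "$1"
}

# Return 0 only if a successful login skips both the pam_exec hook and
# pam_deny.so and lands on pam_permit.so.
check_auth_stack() {
    steps="$(pam_success_path "$1")" || return 2
    printf '%s\n' "$steps" | grep -qxF 'skip pam_exec.so' || return 1
    printf '%s\n' "$steps" | grep -qxF 'skip pam_deny.so' || return 1
    printf '%s\n' "$steps" | grep -qxF 'land pam_permit.so'
}

# Constructed samples: the stack from this post, and the same stack with the
# jump count left at 1.
good="$(mktemp)"; bad="$(mktemp)"
trap 'rm -f "$good" "$bad"' EXIT
cat >"$good" <<'EOF'
auth    [success=2 default=ignore]     pam_unix.so nullok_secure
auth    [default=ignore]                pam_exec.so seteuid /usr/local/bin/failed-login.sh
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so
EOF
sed 's/success=2/success=1/' "$good" >"$bad"

check_auth_stack "$good" && echo "good stack: success skips the hook and reaches pam_permit.so"
check_auth_stack "$bad"  || echo "bad stack: success does not reach pam_permit.so"
```

Run `check_auth_stack` against the edited /etc/pam.d/common-auth before logging out, and keep a root shell open while testing PAM changes.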

Log out and enjoy the new feature of getting pictures of the offenders!

Pretty much everything is taken from this answer on askubuntu.com.

Author: Mikael. Posted on March 2, 2017 / June 5, 2018. Categories: Hack, Linux, Operating systems, Ubuntu. Tags: failed login, ffmpeg, pam, pictures, Ubuntu.
