Got the idea that I wanted to take some pictures if there’s a failed login attempt on my laptop. A quick google search and this is the way to do it:
Start off by creating a script that will use ffmpeg
to takes a pictures using the webcam. I stored it in /usr/local/bin/failed-login.sh
:
#!/usr/bin/env bash DIR="${HOME}/Pictures/Failed Login" FILE="failed-${HOSTNAME}-$(date +%Y%m%d-%H%M%S).jpg" ffmpeg -loglevel panic \ -f video4linux2 \ -s vga \ -i /dev/video0 \ -vframes 1 \ "${DIR}/${FILE}" >/dev/null exit 0
In my actual case, I’m storing the pictures on my google drive.
If you have an webserver, it’s a nice feature to make the script upload the pictures there. This however will only work if you make sure that your most used wireless connections are marked with `All users may connect to this network` so you have internet access from the login screen. Also you need to have public key authentication setup for the user you’re going to use. The line below can then be added after the ffmpeg
call:
{ scp -i /home/user/.ssh/id_rsa "${DIR}/$[FILE}" user@www.example.com:/var/www/pictures && rm "${DIR}/${FILE}"; } || true
Don’t forget to make it executable with chmod +x /usr/local/bin/failed-login.sh
.
Run it manually and make sure that the pictures are stored in ${DIR}
.
Last thing is just to modify /etc/pam.d/common-auth
to run the script when there’s a failed login attempt. We’d want to change the following line:
auth [success=1 default=ignore] pam_unix.so nullok_secure
To:
auth [success=2 default=ignore] pam_unix.so nullok_secure
I.e. success=1
to success=2
, this is to make sure that the script isn’t executed for a successful login.
After this line add the following:
auth [default=ignore] pam_exec.so seteuid /usr/local/bin/failed-login.sh
All in all, the file should look like this (without comments):
auth [success=2 default=ignore] pam_unix.so nullok_secure auth [default=ignore] pam_exec.so seteuid /usr/local/bin/failed-login.sh auth requisite pam_deny.so auth required pam_permit.so auth optional pam_cap.so
Logout and enjoy the new feature of getting pictures of the offenders!
Pretty much everything is taken from this answer on askubuntu.com.