Locked users overview and omv-firstaid


   Hello!

   I'm having issues with either the logging not being correct for failed attempts and/or omv-firstaid not being able to clear them.


   The following users are locked/banned or are candidates for too many failed login attempts:


   Login Failures Latest failure From
   root 18690 05/20/37 14:01:25 ‹
   daemon 32767 09/26/21 18:08:46 Z"ß繋¼¯2âµW
   bin 48990 10/12/49 01:34:34 öýóoÿ ?|÷ò ýÅëWß}þæÅ›7/_}÷7Ÿ?{÷ÿzöêû ß½øòÙW¯^?ûáÍ‹×Ï^¿zõöÙoÿôìD¯ö¶
   sys 44283 01/15/08 10:23:02 ¯ xùåßo óÿúÇ òæÍï¾| Ô å×/^ÿþö ¿yùæí‹ï^~÷õ³Û“·Ï ÿϳï_½~û¬ÖÏŒG}þù©D¯ö¶
   sync 48687 09/20/65 11:36:24 §üéöO¾ýò ß¼úúåw Ï;¶ÛóþéÅ naŸ¿}ü Û{ÿ¾–O,¶/¾yõæýb{ïÑ# øÏ/¾xñò÷· üëD¯ö¶
   games 32351 08/09/26 01:30:31 ÿúŸÿË ÿ¿þîÙë oÞ> ýö–õý¿.zÄÇ ÷G=*,î:U¦7/¿þîù7·ÿõ¿{ööÅëo_~÷ü^® S·D¯ö¶
   man 58223 03/24/25 17:16:16 º>-×Ç<ê#r½{ŠŸ«íX®ðQ÷r­Ïëñy©ï Þ}ïd­àQÒ Ñã£ë Ãé óø˜Ö?ø™oã Ëág”§_ÇD¯ö¶
   lp 44931 02/12/45 03:24:28 6¶ }ý ÿ¨ðõÿü)ïÕŽÛ¾’Úñéß XG?ý §ª°ü ŸP& ó¨¸L>l(Ï}
   âcm·Æ胯¬Ö1ѯ,¢ìD¯ö¶
   mail 35799 04/08/68 20:20:47 ÿÛP.,&ýèöÓšèÕ·¿ÿÅ‹ïn û‹[­1ëø)á¡,¾}ñåËç¿ þÃ7o? þÃÛßÝ@ ÿ׋ïÞ¾üâV‡ÜD¯ö¶
   news 62131 07/08/62 21:18:17 x_= ùÍ ¯_üݳÛOæ»çß¾øûg %õìÅÓÿõöíŸþþÙ뇿äö ýîÕ›· _ŽúY™ë³òÙþìñOüûçD¯ö¶
   uucp 45015 08/21/14 19:16:14 _Þj¤÷þÆŸÆÿùßñ‹?¼øí×?¼¼ýµÛà ùß¿{øƒ^½~ù¿n© ¶Ïž¿½ý†¿ ûì«×¯¾}öSÜo pD¯ö¶
   [NONAME] 53111 12/23/52 09:13:18 ä#òo ñ¿xþõ-Îßÿã«ÿõò›ožÿrÜ~Z ý?n?þW xóìŸþåY¹ýÖþîÙí?ÌþwÏþ8ûß<û‡ïD¯ö¶
   [NONAME] 24503 07/07/62 06:22:35 ¿ÿæÅÿxñÛÿöòí/GÛ?kóÙ_ÿ·ÿò/ÿø þíí×õ¯/žýç _üë«¿yö wÿøåX·_kÛêñY)Û³D¯ö¶
   proxy 8122 10/07/82 17:47:41 _?ÿêùë—ïþÙÿ|/ó ½—½ýoó^Žÿÿ{/}žÍü ï'þw•´|¾} ú­îpÝlPTÕVï<º }c ” ~D¯ö¶
   [NONAME] 59771 02/04/06 15:47:59 Ú yøßyþå—¿ [{° ïn òðŸnÿ¯‡ èåïŸß¾Ÿÿþ_ÿß _¶mûÛgÿùéÿõ·Ï~w{é ÿˇÿù˧D¯ö¶
   [NONAME] 52711 05/12/43 17:52:39 ÿ 7¿{ñÍ7 ÿËß¾üî—_> ó»óÄÛÿóÙ_=<㯞½}õìëׯ~øþÙ_=üÑ e>ãá çÍ'?äÍïžß~D¯ö¶
   [NONAME] 15311 07/14/22 12:19:27 ÈßóóG}øgµ;/{ l E}RýΣWÛ À ¨
   [NONAME] 9073 11/11/67 13:11:42 `t„Ÿu¿?¡—–=â#{i û¨û½´ÿ‡fºÓ ­[ÿYEòð_?]zoÿZyï‡_Oû`„åÏ Õÿq#Þ
   úûçoÞüD¯ö¶
   [NONAME] 4051 10/22/67 18:32:27 áÕë§Oðñ#ÿ@ý óŽ1Z{xBý9 · ð _|ñâû·—"~^²æ ¸Ÿ Nyzv¹ýæ¿úËc?Ó ûéßûîñ VD¯ö¶
   [NONAME] 60867 05/12/15 00:37:31 dþÝ㧕ÏcY? P{üƒ >ý÷Ï¿øÝÃw÷öÕ¿þÍç y-·ÿøÝ×/þòz~úøý^ÝvëÏÃ틃QUèþóiD¯ö¶
   [NONAME] 20875 10/15/66 21:51:59 €ûý Rg ÿî;Bûç}™5kòˆ ­Y?òQAÍÊdú° üäL ó¨ Óº÷¹÷R*û«ºa> »?‹Q¿ªõùíK|¿D¯ö¶
   [NONAME] 17734 02/10/15 11:54:16 zéãÓjþ¹Ž jþÖüïctÍßãšÿ¸÷fÇ6 ûf#<äá¤Q A<»o÷ž=Ûb; FE¸7ÚTö
   HD¯ö¶
   [NONAME] 3617 06/14/74 14:05:26 FE¸7ÞTÖÍÝØ FE¸7¾QÖÑÙß™…Q î p”c§?$ £"Ü "¨Û,ðÏ9°3ê! ~! æS_ °*ÀzD¯ö¶
   [NONAME] 23355 02/28/03 23:54:37 ÙêÙ÷FjêM)à ÉÁ¨ ÷zJµÖÎŽiY ážýÖ‡Þ
   ÁÁ¨ ÷䥶5á¦ÍÁˆ ãž¼Ô>;[
   =`>胜ÅD¯ö¶
   [NONAME] 43053 06/17/21 18:30:29 ¨ ÷䥎ÞÙn”…Q îÉK •Žà`T„{òR÷­±Í¦…Q îÉKÝ ¼ºÇ¨ w›Í5é )°-¨…¹²¤Ô³ï¶D¯ö¶
   [NONAME] 34827 11/17/18 00:21:49 üG_ì´«…Q îµümk þ ŒŠp¯åo¥ÀsÇ FE¸×ò·º ¸Fr0i„Ûƒï FG%/„¬ ˆí‘ÖŸ¯ž|wD¯ö¶
   [NONAME] 35603 08/13/50 12:14:01 `§Uò'àQT€»ÊR ©§ E ¸',mÛÈzÔ£¨
   [NONAME] 34119 04/22/20 12:50:35 Ø'ü ˜wú˜')*À=M™ ¨ó(*À=IÙû ÿˆ
   Š
   pOQVC·9Å ¸µ1²|b1
   Y¹')G…[b‡¢ ܵ”D¯ö¶
   [NONAME] 39885 02/10/05 16:07:17 ­TR¦MŒŠpw’k; 9ìkbT„»“\e
   ¶.µ0*ÂÝI®:ÑÕ¶&FE¸×Ø—6è· aàï5°͛…¹ò…|곉D¯ö¶
   [NONAME] 61264 09/15/16 05:11:10 ŸóÝUϽÃv]î¹ÝYŒŠpwÕá¨;ü[ˆ0ðGê`®,)õ컋áfA‡”MŒŠpw-ÓN÷õ-ŒˆPï®eÚWc Î D¯ö¶
   [NONAME] 29451 01/15/19 22:27:30 FE¸ë_‹n -ŒŠp׿ ºÙ´0*ÂÝyº­£«¾LŒŠpwž®Ô ~ FE¸;ÉU : `ØÁ/ s¢¤>\ p²¤D¯ö¶
   [NONAME] 38595 12/01/28 09:58:28 Ô³ïÎÓÕ ÖS £"Ü] Ô º(ÎĨ w õ‰® 61*ÂÝ…@·þ ü ŒˆÐî®7šì†Þ Ö”…¹²¤Ô³ïD¯ö¶
   [NONAME] 44641 11/17/59 03:15:40 ®eÚkc[g £"Ü ²[ z ž‰Q îÊË:àAm £"Ü•—c¡KiMŒŠpÏ*Ú6'ü ";~na®,)õì{òÒÊD¯ö¶
   www-data 978 10/20/72 02:51:29 h¬©¶{ãHg1*ÂݵLµ
   øCr0*ÂÝ <xŠÇ€¨?ÿîÈÈDÏM‹)ì ‰“å ‹ |¹» ®Ò ñ E ¸{¼SD¯ö¶
   backup 30876 11/15/41 12:12:57 ¯lŸß¡¨
   [NONAME] 54781 10/13/16 01:47:15 G ½³»{ßöÕØ1x‡¢ ôŸ pÿ¸ ½>ž}õïø´ Ǥã§I þ²o_}ù›õ4÷üt*ÌS ýÕã ÿWÏþ|žD¯ö¶
   [NONAME] 31936 08/10/89 20:32:56 ÃOŸrÏJ× ¯'p(ê…ß³ÒcGO ô(*Àý“ æÎz©… înF,ó€_‚…Q îO n;Û‡zÀ|¸ â$FE¸?D¯ö¶
   [NONAME] 12249 07/30/54 20:59:11 -ØÑóòLŒŠp Zp ö·`aT„»C^u k,ŒŠðž = Rúp’iÝ G y:µôö_n yûêÙ/_¼ýâ— ÿíD¯ö¶
   list 46023 07/22/62 18:25:54 Ý ±_¾øíËçßýâË ßüðõ‹/ß [« x:4õ.äcžýpž­÷ç>”ÚŸŸ8þç 'ä¾ÿÀdzrKÿñÉ >*D¯ö¶
   irc 44177 11/11/35 12:06:26 ÷÷Ï_ÿò›—¿ýå ÿ‹?90÷«çß¼y‘ü ïÆä XÍ"z˜±‰ùÈÏ÷Ïbt{ü‡fôóWuW‘¬’ÿÈ¿õö·}D¯ö¶
   [NONAME] 45566 07/07/95 22:39:10 ýâáá c³ >ÙïÇs¸^üñû—¯ÿôø´ìó/ï{áã·ºÚã¤ø ßêà ~ñåó ß¾ú˱Îåþ±Îïý/¿û\ D¯ö¶
   gnats 47839 08/31/31 03:24:19 xóú—o ¾Ùï^=jôGü1 ‡"ÿì©ÉiÍŸü¸ô°å#Ü O:Z õ ÍŸß\ðç‚yØ’{ç¥ßº# üsµ4ž^D¯ö¶
   [NONAME] 63458 11/06/18 16:15:28 õ|˜'~¿bzøß{ì=½y< ïg Ôo z¢÷ý¿àáWwû +ÝŸýê ž{ÿ·öÞSž~ Ϙâ÷ððÈŸ?èççD¯ö¶
   [NONAME] 65343 03/22/21 07:17:21 þp{Êx\§öë ¾øâVª_ýðÍí¿þøo ÞÙ‡… =ã?<ûÕ¯~õø¿ÿùyð ïøÍ '>¤?ÿQw?¤Ÿ#ä‘D¯ö¶
   [NONAME] 32333 01/26/25 05:48:53 w_” ¼{xìgúa?ýk?î°Ó ø»Ï Íû ÿûE~wf¥´ z´0ê÷{w3zÝÑk L̉ M~•ÿ|«” /†D¯ö¶
   [NONAME] 56318 07/30/54 05:15:03 úñËüì½g¼ „þC%2JP…<TWO£6 UZ -À_ýòÍëßßš¯ßÿâË—oþõ ¿ýÓ/¾yþÛ ßüâÿûüõD¯ö¶
   [NONAME] 27407 03/30/25 03:39:14 7 úà_$ Ñí› uÿ¨Z$zBR‡Dÿ «AÞ è ¤Æ5Èý‡]Rƒ|ZÁ¨úãþ¼ |CÉ~z k²ïÏ«‘S/ D¯ö¶
   [NONAME] 19480 12/19/98 13:27:52 ,&“ra1©Gß DÏÙ6)*À݉ÁI.ã0)*À݉ÁA®[7)*À݉ÁF beRT€»“i•œ L(ð{6²|b1D¯ö¶
   [NONAME] 55152 03/24/02 06:21:43 ŸÐ½ æÚÈ•Ò&E ¸)¶ž½+O3\ÿ~gïÞ%ý° ò Y“¢^ÕÝ ±ƒ\@úŽòÁ|ÉIŠ
   p×Ƕ <[#ÀD¯ö¶

   You can reset their counters and unlock them via the omv-firstaid command.


   However when I try to clear it using omv-firstaid, I get

   ERROR: 'utf-8' codec can't decode byte 0x8b in position 45: invalid start byte

   I'm not sure if this is someone specifically sending garbage input or if it's maybe catching Deluge traffic as an attempt to log in. The deluge port should be the only thing exposed to the internet.
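
The error quoted above is the message Python raises on a strict UTF-8 decode. As an added example (not part of the original post, and not omv-firstaid's own code), the sketch below reproduces it on constructed pam_tally2-style bytes, then parses the rows tolerantly and flags the ones that look corrupt. The sample rows, function names and checks are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: pam_tally2-style output as raw bytes. The root row carries
# a lone 0x8b byte in the "From" column, like the root entry in the post.
SAMPLE = (
    b"Login           Failures Latest failure     From\n"
    b"alice               3    06/01/17 21:02:11  192.0.2.10\n"
    b"root            18690    05/20/37 14:01:25  \x8b\n"
    b"[NONAME]        53111    12/23/52 09:13:18  \xe4#\xf2o\n"
)

ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)(?:\s+(.*))?$")

def strict_decode_error(raw):
    """Return the UnicodeDecodeError a strict UTF-8 decode raises, or None."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError as err:
        return err
    return None

def parse_tally(raw, now):
    """Parse rows without crashing on bad bytes; list why a row looks corrupt."""
    rows = []
    # backslashreplace keeps every undecodable byte visible as \xNN
    text = raw.decode("utf-8", errors="backslashreplace")
    for line in text.split("\n")[1:]:          # skip the header line
        m = ROW.match(line)
        if not m:
            continue                           # blank or fragment of a broken row
        user, count, stamp = m.group(1), int(m.group(2)), m.group(3)
        source = m.group(4) or ""
        reasons = []
        if datetime.strptime(stamp, "%m/%d/%y %H:%M:%S") > now:
            reasons.append("timestamp in the future")
        if "\\x" in source or not source.isprintable():
            reasons.append("non-text bytes in From")
        if user == "[NONAME]":
            reasons.append("entry has no account name")
        rows.append((user, count, reasons))
    return rows

if __name__ == "__main__":
    print(strict_decode_error(SAMPLE))
    for row in parse_tally(SAMPLE, datetime(2017, 6, 2)):
        print(row)
```
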
  • What is the output of

   # pam_tally2

   and which locale are you using?
  • That output is really odd. What platform is this?

   Just checksum the pam_tally module and binary to compare

   md5sum /lib/x86_64-linux-gnu/security/pam_tally2.so
   md5sum /sbin/pam_tally2

   Just check your process list for any weird stuff running there.
  • Armbian Debian 8.8 on an odroid XU4.
   Linux openmediavault 4.9.30-odroidxu4 #1 SMP PREEMPT Wed May 31 20:51:27 EDT 2017 armv7l GNU/Linux

   root@openmediavault:/lib/arm-linux-gnueabihf/security# md5sum pam_tally2.so
   58b21ef78407364dfe2fb88350de3b17 pam_tally2.so

   868593a83766c31c8c36fb0f9993b12b /sbin/pam_tally2

   top - 21:13:41 up 1 day, 2:30, 1 user, load average: 0.18, 0.18, 0.17
   Tasks: 247 total, 1 running, 246 sleeping, 0 stopped, 0 zombie
   %Cpu(s): 0.9 us, 0.3 sy, 0.0 ni, 98.8 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
   KiB Mem: 2041824 total, 1656048 used, 385776 free, 16056 buffers
   KiB Swap: 131068 total, 0 used, 131068 free. 1284428 cached Mem

   PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
   4809 plex 20 0 256936 36556 4048 S 5.2 1.8 32:45.96 python
   1241 deluge-+ 20 0 120756 77744 6384 S 2.3 3.8 51:02.67 deluged
   10614 root 20 0 4836 2164 1700 R 2.3 0.1 0:00.50 top
   4981 plex 20 0 293828 49568 13856 S 1.0 2.4 13:07.32 Plex Media Serv
   325 root 20 0 0 0 0 S 0.3 0.0 3:14.97 spi1
   355 root 20 0 11088 2324 1364 S 0.3 0.1 2:42.50 systemd-udevd
   5180 plex 20 0 136480 22784 1800 S 0.3 1.1 0:55.49 Plex Script Hos
   10137 root 20 0 0 0 0 S 0.3 0.0 0:00.35 kworker/u16:2
   10386 root 20 0 0 0 0 S 0.3 0.0 0:00.17 kworker/4:0
   10616 root 20 0 11088 1964 996 S 0.3 0.1 0:00.08 systemd-udevd
   1 root 20 0 6264 4588 1944 S 0.0 0.2 0:18.25 systemd
   2 root 20 0 0 0 0 S 0.0 0.0 0:00.11 kthreadd
   3 root 20 0 0 0 0 S 0.0 0.0 0:00.46 ksoftirqd/0
   5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
   7 root 20 0 0 0 0 S 0.0 0.0 1:07.17 rcu_preempt
   8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_sched
   9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
   10 root rt 0 0 0 0 S 0.0 0.0 0:00.02 migration/0
   11 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 lru-add-drain
   12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
   13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
   14 root rt 0 0 0 0 S 0.0 0.0 0:00.01 migration/1
   15 root 20 0 0 0 0 S 0.0 0.0 0:00.72 ksoftirqd/1
   17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/1:0H
   18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/2
   19 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/2
   20 root 20 0 0 0 0 S 0.0 0.0 0:00.20 ksoftirqd/2
   22 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/2:0H
   23 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/3
   24 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/3
   25 root 20 0 0 0 0 S 0.0 0.0 0:36.73 ksoftirqd/3
   27 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/3:0H
   28 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/4
   29 root rt 0 0 0 0 S 0.0 0.0 0:00.26 migration/4
   30 root 20 0 0 0 0 S 0.0 0.0 0:07.00 ksoftirqd/4
   32 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/4:0H
   33 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/5
   34 root rt 0 0 0 0 S 0.0 0.0 0:00.18 migration/5
   35 root 20 0 0 0 0 S 0.0 0.0 0:01.06 ksoftirqd/5
   37 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/5:0H
   38 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/6
   39 root rt 0 0 0 0 S 0.0 0.0 0:00.08 migration/6
   40 root 20 0 0 0 0 S 0.0 0.0 0:00.24 ksoftirqd/6
   42 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/6:0H
   43 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/7
   44 root rt 0 0 0 0 S 0.0 0.0 0:00.02 migration/7
   45 root 20 0 0 0 0 S 0.0 0.0 0:00.11 ksoftirqd/7
   47 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/7:0H
   48 root 20 0 0 0 0 S 0.0 0.0 0:00.03 kdevtmpfs
   49 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
   52 root 20 0 0 0 0 S 0.0 0.0 0:00.00 oom_reaper
   53 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
   54 root 20 0 0 0 0 S 0.0 0.0 0:00.58 kcompactd0
   55 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 crypto
   56 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
   57 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
   58 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 devfreq_wq
   59 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 watchdogd
   60 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 rpciod
   61 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xprtiod
   62 root 20 0 0 0 0 S 0.0 0.0 0:36.77 kswapd0
   63 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 vmstat
   64 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 nfsiod
   65 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsIO
   66 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
   67 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
   68 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
   69 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
   70 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
   71 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
   72 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
   73 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
   74 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsSync
   75 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
   76 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfsalloc
   77 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs_mru_cache
   120 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kthrotld
   122 root -51 0 0 0 0 S 0.0 0.0 0:00.00 irq/126-drm_rot
   123 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ipp_event


   I believe this might have started happening when I updated OMV to 3.0.77
  • I started getting exactly the same sort of thing on my ODroid XU4 OMV box about a month or so ago. I know it was right after applying some updates (one of which I believe was a kernel update). Did you ever figure it out?

   EDIT - Didn't see the "pam_tally2 --reset" suggestion in the last post. Sorry for dredging up an old thread; I'll give that a shot first.
   ODROID-XU4
   32GB eMMC Boot Drive | 3x3TB Seagate External Drives
   OMV 3.0.94 | Linux Kernel 4.9.56-odroidxu4
   SnapRAID | MergerFS | Plex Media Server

   The post was edited 1 time, last by jarodmerle ().