Locked users overview and omv-firstaid

    • OMV 3.x
    • Resolved
    • Locked users overview and omv-firstaid

      Hello!

      I'm having issues with either the logging not being correct for failed attempts and/or omv-firstaid not being able to clear them.


      The following users are locked/banned or are candidates for too many failed login attempts:


      Login Failures Latest failure From

      You can reset their counters and unlock them via the omv-firstaid command.


      However when I try to clear it using omv-firstaid, I get

      Source Code

      ERROR: 'utf-8' codec can't decode byte 0x8b in position 45: invalid start byte

      I'm not sure if this is someone specifically sending garbage input or if it's maybe catching Deluge traffic as an attempt to log in. The deluge port should be the only thing exposed to the internet.
    • What is the output of


      Shell-Script

      # pam_tally2
      and which locale are you using?
    • That output is really odd. What platform is this?

      Just checksum the pam_tally module and binary to compare

      md5sum /lib/x86_64-linux-gnu/security/pam_tally2.so
      md5sum /sbin/pam_tally2

      Just check your process list for any weird stuff running there.
    • Armbian Debian 8.8 on an odroid XU4.
      Linux openmediavault 4.9.30-odroidxu4 #1 SMP PREEMPT Wed May 31 20:51:27 EDT 2017 armv7l GNU/Linux

      Shell-Script

      root@openmediavault:/lib/arm-linux-gnueabihf/security# md5sum pam_tally2.so
      58b21ef78407364dfe2fb88350de3b17 pam_tally2.so


      Source Code

      868593a83766c31c8c36fb0f9993b12b /sbin/pam_tally2
      top - 21:13:41 up 1 day, 2:30, 1 user, load average: 0.18, 0.18, 0.17
      Tasks: 247 total, 1 running, 246 sleeping, 0 stopped, 0 zombie
      %Cpu(s): 0.9 us, 0.3 sy, 0.0 ni, 98.8 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
      KiB Mem: 2041824 total, 1656048 used, 385776 free, 16056 buffers
      KiB Swap: 131068 total, 0 used, 131068 free. 1284428 cached Mem

      PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
      4809 plex 20 0 256936 36556 4048 S 5.2 1.8 32:45.96 python
      1241 deluge-+ 20 0 120756 77744 6384 S 2.3 3.8 51:02.67 deluged
      10614 root 20 0 4836 2164 1700 R 2.3 0.1 0:00.50 top
      4981 plex 20 0 293828 49568 13856 S 1.0 2.4 13:07.32 Plex Media Serv
      325 root 20 0 0 0 0 S 0.3 0.0 3:14.97 spi1
      355 root 20 0 11088 2324 1364 S 0.3 0.1 2:42.50 systemd-udevd
      5180 plex 20 0 136480 22784 1800 S 0.3 1.1 0:55.49 Plex Script Hos
      10137 root 20 0 0 0 0 S 0.3 0.0 0:00.35 kworker/u16:2
      10386 root 20 0 0 0 0 S 0.3 0.0 0:00.17 kworker/4:0
      10616 root 20 0 11088 1964 996 S 0.3 0.1 0:00.08 systemd-udevd
      1 root 20 0 6264 4588 1944 S 0.0 0.2 0:18.25 systemd
      2 root 20 0 0 0 0 S 0.0 0.0 0:00.11 kthreadd
      3 root 20 0 0 0 0 S 0.0 0.0 0:00.46 ksoftirqd/0
      5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
      7 root 20 0 0 0 0 S 0.0 0.0 1:07.17 rcu_preempt
      8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_sched
      9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
      10 root rt 0 0 0 0 S 0.0 0.0 0:00.02 migration/0
      11 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 lru-add-drain
      12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
      13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
      14 root rt 0 0 0 0 S 0.0 0.0 0:00.01 migration/1
      15 root 20 0 0 0 0 S 0.0 0.0 0:00.72 ksoftirqd/1
      17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/1:0H
      18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/2
      19 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/2
      20 root 20 0 0 0 0 S 0.0 0.0 0:00.20 ksoftirqd/2
      22 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/2:0H
      23 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/3
      24 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/3
      25 root 20 0 0 0 0 S 0.0 0.0 0:36.73 ksoftirqd/3
      27 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/3:0H
      28 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/4
      29 root rt 0 0 0 0 S 0.0 0.0 0:00.26 migration/4
      30 root 20 0 0 0 0 S 0.0 0.0 0:07.00 ksoftirqd/4
      32 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/4:0H
      33 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/5
      34 root rt 0 0 0 0 S 0.0 0.0 0:00.18 migration/5
      35 root 20 0 0 0 0 S 0.0 0.0 0:01.06 ksoftirqd/5
      37 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/5:0H
      38 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/6
      39 root rt 0 0 0 0 S 0.0 0.0 0:00.08 migration/6
      40 root 20 0 0 0 0 S 0.0 0.0 0:00.24 ksoftirqd/6
      42 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/6:0H
      43 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/7
      44 root rt 0 0 0 0 S 0.0 0.0 0:00.02 migration/7
      45 root 20 0 0 0 0 S 0.0 0.0 0:00.11 ksoftirqd/7
      47 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/7:0H
      48 root 20 0 0 0 0 S 0.0 0.0 0:00.03 kdevtmpfs
      49 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
      52 root 20 0 0 0 0 S 0.0 0.0 0:00.00 oom_reaper
      53 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
      54 root 20 0 0 0 0 S 0.0 0.0 0:00.58 kcompactd0
      55 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 crypto
      56 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
      57 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
      58 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 devfreq_wq
      59 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 watchdogd
      60 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 rpciod
      61 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xprtiod
      62 root 20 0 0 0 0 S 0.0 0.0 0:36.77 kswapd0
      63 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 vmstat
      64 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 nfsiod
      65 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsIO
      66 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
      67 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
      68 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
      69 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
      70 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
      71 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
      72 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
      73 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsCommit
      74 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jfsSync
      75 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
      76 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfsalloc
      77 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs_mru_cache
      120 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kthrotld
      122 root -51 0 0 0 0 S 0.0 0.0 0:00.00 irq/126-drm_rot
      123 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ipp_event


      I believe this might have started happening when I updated OMV to 3.0.77
    • I started getting exactly the same sort of thing on my ODroid XU4 OMV box about a month or so ago. I know it was right after applying some updates (one of which I believe was a kernel update). Did you ever figure it out?

      EDIT - Didn't see the "pam_tally2 --reset" suggestion in the last post. Sorry for dredging up an old thread; I'll give that a shot first.
      ODROID-XU4
      32GB eMMC Boot Drive | 3x3TB Seagate External Drives
      OMV 3.0.94 | Linux Kernel 4.9.56-odroidxu4
      SnapRAID | MergerFS | Plex Media Server

      The post was edited 1 time, last by jarodmerle ().
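
The error quoted in the first post has the form of a Python `UnicodeDecodeError`, raised when bytes are decoded strictly as UTF-8. As an added example (not code from omv-firstaid or from anyone in this thread), this is one way to read a `pam_tally2` listing as bytes so that garbage in the From column is flagged instead of aborting the run. The sample rows and the names `parse_tally` and `suspect_users` are constructed for illustration, and the column layout is assumed to be the Login / Failures / Latest failure / From header shown in the first post.

```python
import re

# Constructed sample of `pam_tally2` output as raw bytes (not taken from the thread):
# one sane row, one row with non-UTF-8 bytes in "From" (0x8b is the byte named in
# the error message), and one whose garbage contains a newline and spills over.
SAMPLE = (
    b"Login           Failures Latest failure     From\n"
    b"alice               3    06/01/17 09:12:44  192.0.2.10\n"
    b"bob             40000    05/20/37 14:01:25  \x8b\xfe\x01\n"
    b"carol           51234    09/26/21 18:08:46  Z\"\xdf\n\xe7\xb9\xbc\n"
)

ROW = re.compile(rb"^(\S+)\s+(\d+)\s+(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\s*(.*)$")


def parse_tally(raw):
    """Parse pam_tally2 output without ever raising on undecodable bytes."""
    rows = []
    for line in raw.split(b"\n")[1:]:          # skip the header line
        m = ROW.match(line)
        if m:
            user, count, when, origin = m.groups()
            rows.append({"user": user, "failures": int(count),
                         "latest": when.decode("ascii"), "from": origin})
        elif rows and line:
            # No user/count/date prefix: garbage that contained a newline,
            # so it belongs to the previous row's "From" field.
            rows[-1]["from"] += b"\n" + line
    for row in rows:
        origin = row["from"]
        # A real origin (host name, IP address, tty) is printable ASCII.
        row["suspect"] = not all(0x20 <= b < 0x7F for b in origin)
        # backslashreplace keeps every byte visible instead of raising.
        row["from"] = origin.decode("utf-8", errors="backslashreplace")
        row["user"] = row["user"].decode("utf-8", errors="backslashreplace")
    return rows


def suspect_users(raw):
    """Accounts whose tally record looks corrupted rather than like real failures."""
    return [r["user"] for r in parse_tally(raw) if r["suspect"]]


if __name__ == "__main__":
    for r in parse_tally(SAMPLE):
        print(r)
```

Rows flagged as suspect point at a damaged tally record rather than at genuine login failures, which is the distinction the first post is asking about.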