sudo: 3 incorrect password attempts - can root see the password in clear text?

Clash Royale CLAN TAG#URR8PPP

up vote
3
down vote

favorite

If some user can't access some command with sudo 3 times, this should be reported to root user in access logserrors..

Can root see these attempts (like passwords tried) in text in the logs?

sudo password security

share|improve this question

edited 6 mins ago

guntbert

8,835123067

asked 2 hours ago

DoanldF

435

New contributor

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
3
down vote

favorite

If some user can't access some command with sudo 3 times, this should be reported to root user in access logserrors..

Can root see these attempts (like passwords tried) in text in the logs?

sudo password security

share|improve this question

edited 6 mins ago

guntbert

8,835123067

asked 2 hours ago

DoanldF

435

New contributor

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
3
down vote

favorite

up vote
3
down vote

favorite

If some user can't access some command with sudo 3 times, this should be reported to root user in access logserrors..

Can root see these attempts (like passwords tried) in text in the logs?

sudo password security

share|improve this question

edited 6 mins ago

guntbert

8,835123067

asked 2 hours ago

DoanldF

435

New contributor

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

If some user can't access some command with sudo 3 times, this should be reported to root user in access logserrors..

Can root see these attempts (like passwords tried) in text in the logs?

sudo password security

sudo password security

share|improve this question

edited 6 mins ago

guntbert

8,835123067

asked 2 hours ago

DoanldF

435

New contributor

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 6 mins ago

guntbert

8,835123067

asked 2 hours ago

DoanldF

435

New contributor

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

share|improve this question

edited 6 mins ago

guntbert

8,835123067

edited 6 mins ago

guntbert

8,835123067

edited 6 mins ago

guntbert

8,835123067

8,835123067

asked 2 hours ago

DoanldF

435

New contributor

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 2 hours ago

DoanldF

435

asked 2 hours ago

DoanldF

435

435

New contributor

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

DoanldF is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

add a comment | 

2 Answers
2

active

oldest

votes

up vote
3
down vote



accepted

No, passwords are not logged by default. This would be a security problem, as logs may be read by other administrators, allowing impersonation of the user in case of a slightly mistyped password.

share|improve this answer

answered 1 hour ago

vidarlo

7,46942140

add a comment | 

up vote
2
down vote

Logging in attempts successful and unsuccesful are logged in

/var/log/auth.log

Example of a succesful attempt:

Oct 23 21:24:01 schijfwereld sudo: rinzwind : TTY=pts/0 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
Oct 23 21:24:01 schijfwereld sudo: pam_unix(sudo:session): session opened for user root by (uid=0)

And unsuccesful:

Oct 23 21:25:33 schijfwereld sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=rinzwind rhost= user=rinzwind
Oct 23 21:26:02 schijfwereld sudo: rinzwind : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash

It logs the failed attempt and logs also the total of 3 wrongly typed passwords.

Passwords for sudo attempts are never shown or stored.

share|improve this answer

answered 1 hour ago

Rinzwind

199k26381513

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

DoanldF is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1086498%2fsudo-3-incorrect-password-attempts-can-root-see-the-password-in-clear-text%23new-answer', 'question_page');

);

Post as a guest

Name Email

2 Answers
2

active

oldest

votes

2 Answers
2

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
3
down vote



accepted

No, passwords are not logged by default. This would be a security problem, as logs may be read by other administrators, allowing impersonation of the user in case of a slightly mistyped password.

share|improve this answer

answered 1 hour ago

vidarlo

7,46942140

add a comment | 

up vote
3
down vote



accepted

No, passwords are not logged by default. This would be a security problem, as logs may be read by other administrators, allowing impersonation of the user in case of a slightly mistyped password.

share|improve this answer

answered 1 hour ago

vidarlo

7,46942140

add a comment | 

up vote
3
down vote



accepted

up vote
3
down vote



accepted

No, passwords are not logged by default. This would be a security problem, as logs may be read by other administrators, allowing impersonation of the user in case of a slightly mistyped password.

share|improve this answer

answered 1 hour ago

vidarlo

7,46942140

No, passwords are not logged by default. This would be a security problem, as logs may be read by other administrators, allowing impersonation of the user in case of a slightly mistyped password.

share|improve this answer

answered 1 hour ago

vidarlo

7,46942140

share|improve this answer

share|improve this answer

answered 1 hour ago

vidarlo

7,46942140

answered 1 hour ago

vidarlo

7,46942140

answered 1 hour ago

vidarlo

7,46942140

7,46942140

add a comment | 

add a comment | 

up vote
2
down vote

Logging in attempts successful and unsuccesful are logged in

/var/log/auth.log

Example of a succesful attempt:

Oct 23 21:24:01 schijfwereld sudo: rinzwind : TTY=pts/0 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
Oct 23 21:24:01 schijfwereld sudo: pam_unix(sudo:session): session opened for user root by (uid=0)

And unsuccesful:

Oct 23 21:25:33 schijfwereld sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=rinzwind rhost= user=rinzwind
Oct 23 21:26:02 schijfwereld sudo: rinzwind : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash

It logs the failed attempt and logs also the total of 3 wrongly typed passwords.

Passwords for sudo attempts are never shown or stored.

share|improve this answer

answered 1 hour ago

Rinzwind

199k26381513

add a comment | 

up vote
2
down vote

Logging in attempts successful and unsuccesful are logged in

/var/log/auth.log

Example of a succesful attempt:

Oct 23 21:24:01 schijfwereld sudo: rinzwind : TTY=pts/0 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
Oct 23 21:24:01 schijfwereld sudo: pam_unix(sudo:session): session opened for user root by (uid=0)

And unsuccesful:

Oct 23 21:25:33 schijfwereld sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=rinzwind rhost= user=rinzwind
Oct 23 21:26:02 schijfwereld sudo: rinzwind : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash

It logs the failed attempt and logs also the total of 3 wrongly typed passwords.

Passwords for sudo attempts are never shown or stored.

share|improve this answer

answered 1 hour ago

Rinzwind

199k26381513

add a comment | 

up vote
2
down vote

up vote
2
down vote

Logging in attempts successful and unsuccesful are logged in

/var/log/auth.log

Example of a succesful attempt:

Oct 23 21:24:01 schijfwereld sudo: rinzwind : TTY=pts/0 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
Oct 23 21:24:01 schijfwereld sudo: pam_unix(sudo:session): session opened for user root by (uid=0)

And unsuccesful:

Oct 23 21:25:33 schijfwereld sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=rinzwind rhost= user=rinzwind
Oct 23 21:26:02 schijfwereld sudo: rinzwind : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash

It logs the failed attempt and logs also the total of 3 wrongly typed passwords.

Passwords for sudo attempts are never shown or stored.

share|improve this answer

answered 1 hour ago

Rinzwind

199k26381513

Logging in attempts successful and unsuccesful are logged in

/var/log/auth.log

Example of a succesful attempt:

Oct 23 21:24:01 schijfwereld sudo: rinzwind : TTY=pts/0 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash
Oct 23 21:24:01 schijfwereld sudo: pam_unix(sudo:session): session opened for user root by (uid=0)

And unsuccesful:

Oct 23 21:25:33 schijfwereld sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=rinzwind rhost= user=rinzwind
Oct 23 21:26:02 schijfwereld sudo: rinzwind : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/rinzwind ; USER=root ; COMMAND=/bin/bash

It logs the failed attempt and logs also the total of 3 wrongly typed passwords.

Passwords for sudo attempts are never shown or stored.

share|improve this answer

answered 1 hour ago

Rinzwind

199k26381513

share|improve this answer

share|improve this answer

answered 1 hour ago

Rinzwind

199k26381513

answered 1 hour ago

Rinzwind

199k26381513

answered 1 hour ago

Rinzwind

199k26381513

199k26381513

add a comment | 

add a comment | 

DoanldF is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

DoanldF is a new contributor. Be nice, and check out our Code of Conduct.

DoanldF is a new contributor. Be nice, and check out our Code of Conduct.

DoanldF is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1086498%2fsudo-3-incorrect-password-attempts-can-root-see-the-password-in-clear-text%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email