#security
#linux
#system
#administration
Today, we'll demonstrate how easy it is to set up a bit of extra security on your Linux system. We'll explore PAM (Pluggable Authentication Modules) and create a small script that captures a photo with your webcam when someone tries to guess your Linux password—whether it's a nosy roommate or another curious individual.
We'll start by creating a bash script that takes a photo upon a login failure and give it the necessary permissions to execute.
Open a terminal with CTRL+ALT+T and type:
sudo nano /usr/local/bin/capture_photo.sh
Copy or write the following script, then press CTRL+S to save the file and CTRL+X to exit the nano editor.
#!/bin/bash
# Directory where photos will be saved
PHOTO_DIR="/var/log/failed_login_photos"
TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S")
PHOTO_PATH="$PHOTO_DIR/failed_login_$TIMESTAMP.jpg"
# Create the directory if it doesn't exist
mkdir -p "$PHOTO_DIR"
# Capture a single frame from the first webcam
ffmpeg -f v4l2 -i /dev/video0 -vframes 1 "$PHOTO_PATH"
# Set proper permissions
chmod 644 "$PHOTO_PATH"
# Change ownership (replace username:group with your own user and group)
chown username:group "$PHOTO_PATH"
It is necessary to give the script executable permission so that it can be called when the specified condition is met.
sudo chmod +x /usr/local/bin/capture_photo.sh
After successfully creating the script, we need to adjust the PAM settings to specify the conditions under which the script should be executed.
For that, open /etc/pam.d/system-auth as root and modify it as follows.
Your system's PAM configuration file might look slightly different, so locate the line with pam_unix.so nullok and change success from 1 to 2. This ensures that on a successful login, the next two auth lines are skipped, so our script will not interfere with valid logins.
Next, we need to add a line to call our script in the auth section for failure scenarios.
auth [default=ignore success=ok user_unknown=ignore auth_err=bad] pam_exec.so /usr/local/bin/capture_photo.sh
This is how it should look at the end.
#%PAM-1.0
auth required pam_faillock.so preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
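# success is 3 here (not 2): with the pam_exec.so line inserted below, this jump
# has to skip one more line to keep landing on pam_permit.so.
-auth [success=3 default=ignore] pam_systemd_home.so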
auth [success=2 default=bad] pam_unix.so try_first_pass nullok
auth [default=ignore success=ok user_unknown=ignore auth_err=bad] pam_exec.so /usr/local/bin/capture_photo.sh
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
That was quite short and easy, wasn't it? Linux is great!
Log out of your system and check if everything works as expected. You can find the captured photos in the /var/log/failed_login_photos folder.
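A success=N control tells PAM to skip the next N lines, so inserting the pam_exec.so line shifts the landing point of every jump that sits above it. The following is an added example, not part of the original post, that parses an auth stack and reports where each jump lands; the function names are its own, and the sample stack is constructed with the pam_systemd_home.so count left at 2, where the jump lands on pam_faillock.so authfail instead of pam_permit.so.

```python
import re

# Constructed sample: this page's auth stack with the pam_exec.so line inserted and
# the pam_systemd_home.so jump left at 2, to show the off-by-one case.
SAMPLE_STACK = """\
auth required pam_faillock.so preauth
-auth [success=2 default=ignore] pam_systemd_home.so
auth [success=2 default=bad] pam_unix.so try_first_pass nullok
auth [default=ignore success=ok user_unknown=ignore auth_err=bad] pam_exec.so /usr/local/bin/capture_photo.sh
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
"""

# type, then a keyword or [bracketed] control, then the module, then its arguments
LINE_RE = re.compile(r"^-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_auth_stack(text):
    """Return (control, module, args) for every auth line, in file order."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]  # comments and other types drop out


def jump_report(text):
    """Map each module that uses success=N to (skipped modules, landing line)."""
    stack = parse_auth_stack(text)
    report = {}
    for i, (control, module, _args) in enumerate(stack):
        jump = re.search(r"\bsuccess=(\d+)", control)
        if not jump:
            continue  # keywords such as required, or success=ok, do not jump
        first_kept = i + 1 + int(jump.group(1))  # success=N skips the next N lines
        skipped = [mod for _c, mod, _a in stack[i + 1:first_kept]]
        if first_kept < len(stack):
            _c, mod, args = stack[first_kept]
            landing = f"{mod} {args}".strip()
        else:
            landing = "<past end of stack>"
        report[module] = (skipped, landing)
    return report


if __name__ == "__main__":
    for module, (skipped, landing) in jump_report(SAMPLE_STACK).items():
        print(f"{module}: skips {', '.join(skipped)} -> continues at {landing}")
```

To check the real file, pass the contents of /etc/pam.d/system-auth to jump_report() and keep a root shell open until a test login succeeds.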
Stay connected.
Contribution:
Photo by Darlene Alderson: https://www.pexels.com/photo/people-typing-on-their-laptops-4385545/
[root@techtoapes]$ Author Luka