Login not updating faillog
But it is important to choose a command that exists on the system so that input validation passes.
If the system's PAM (pluggable authentication module) subsystem has been configured to detect, tally and enforce lockout for failed logins, then the ISIM Linux service settings must reflect that configuration.
Have it run hourly, writing the output of 'faillog -a' to a text file everyone has access to.
Is there a way to either safely temporarily escalate privileges to run that command on the motd, or temporarily give that user access to faillog to get that response?
File or directory where failed login records are found: Specifies the absolute path to the location of the failed login attempt datastore, if it is not the default datastore. This field applies to faillock and pam_tally2 only.
Maximum failed logins allowed: Specifies the maximum number of failed logins that can occur before an account is locked.
Command used to query failed logins: Specifies the system command used to detect and tally failed login attempts and enforce account lockout.
This command must be configured through the PAM mechanism.