Subject: Re: logging bad login attempts
To: Randy Terbush <email@example.com>
From: John F. Woods <firstname.lastname@example.org>
Date: 03/07/1995 14:33:08
> > It does not appear to be possible to log failed login attempts
> > with the supplied login. (ie the attempted login, etc.)
> # The authpriv log file should be restricted access;
> # these messages shouldn't go to terminals or publically-readable files.
> authpriv.* /var/log/secure
> then it'll do what you want.
Make absolutely sure, though, that it's really what you want: logging
actual supplied logins is often a great way to offer cleartext passwords
to an adversary...