Subject: Re: logging bad login attempts
To: John F. Woods <firstname.lastname@example.org>
From: Luke Mewburn <email@example.com>
Date: 03/08/1995 10:58:08
> > > It does not appear to be possible to log failed login attempts
> > > with the supplied login. (ie the attempted login, etc.)
> > # The authpriv log file should be restricted access;
> > # these messages shouldn't go to terminals or publically-readable files.
> > authpriv.* /var/log/secure
> > then it'll do what you want.
> Make absolutely sure, though, that it's really what you want: logging
> actual supplied logins is often a great way to offer cleartext passwords
> to an adversary...
Which is why you have
So none of the authpriv messages (those that actually display the
failed login) goto /var/log/messages, but they do go to
/var/log/secure (which you have with 600 perms.)
Luke Mewburn, <firstname.lastname@example.org>
`Think of it as Evolution in Action.' - "Oath of Fealty", Niven & Pournelle