Subject: Re: logging bad login attempts
To: John F. Woods <>
From: Luke Mewburn <>
List: current-users
Date: 03/08/1995 10:58:08
> > > It does not appear to be possible to log failed login attempts
> > > with the supplied login.  (ie the attempted login, etc.)
> > # The authpriv log file should be restricted access;
> > # these messages shouldn't go to terminals or publically-readable files.
> > authpriv.*                                      /var/log/secure
> > then it'll do what you want.

> Make absolutely sure, though, that it's really what you want:  logging
> actual supplied logins is often a great way to offer cleartext passwords
> to an adversary...

Which is why you have
	authpriv.*			/var/log/secure
	...,authpriv.none,...		/var/log/messages

So none of the authpriv messages (those that actually display the
failed login) go to /var/log/messages, but they do go to
/var/log/secure (which you have with 600 perms.)

Luke Mewburn, <>
`Think of it as Evolution in Action.' - "Oath of Fealty", Niven & Pournelle
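
An added example, not part of the original message: a small checker that lists every syslog.conf destination that would receive authpriv messages, so a line missing `authpriv.none` stands out, plus a check that the restricted log has no group/other permission bits. The sample configuration is constructed, and the parser assumes the simple `facility.level` selector syntax, treating any level other than `none` as a match.

```python
import os
import stat

# Constructed sample, not taken from the thread: the second rule forgets
# authpriv.none, so failed-login text also lands in a shared log.
SAMPLE_CONF = """\
# constructed example syslog.conf
authpriv.*\t\t\t\t/var/log/secure
*.notice;kern.debug\t\t\t/var/log/messages
*.info;authpriv.none;mail.none\t\t/var/log/other
mail.info\t\t\t\t/var/log/maillog
"""

def receives_authpriv(selector_field):
    """True if a 'fac[,fac].level[;...]' field selects authpriv messages."""
    selected = False
    for selector in selector_field.split(";"):
        facilities, _, level = selector.strip().rpartition(".")
        if not ({"authpriv", "*"} & set(facilities.split(","))):
            continue
        # Later selectors override earlier ones; 'none' switches the facility off.
        selected = level != "none"
    return selected

def authpriv_destinations(conf_text):
    """Return every action (file, user, host) that is sent authpriv messages."""
    found = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!+":  # comments and program/host blocks
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and receives_authpriv(parts[0]):
            found.append(parts[1].strip())
    return found

def audit(conf_text, restricted=("/var/log/secure",)):
    """Destinations other than the restricted file that would get authpriv."""
    return [d for d in authpriv_destinations(conf_text) if d not in restricted]

def owner_only(path):
    """True if the file has no group/other permission bits (e.g. mode 600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    for dest in audit(SAMPLE_CONF):
        print("authpriv also reaches:", dest)
```
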