>Number:         2075
>Category:       bin
>Synopsis:       change root login failures to LOG_WARNING?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 13 15:50:01 1996
>Last-Modified:
>Originator:     Chris Jones
>Organization:
***********************cjones@rupert.oscs.montana.edu*********************
* Chris  | "You can't say that Microsoft hasn't ever put the buggy       *
*  Jones |  before the horse."                             -Mark Wistey  *
**************************************************************************
>Release:        1.1
>Environment:
System: NetBSD rupert.oscs.montana.edu 1.1 NetBSD 1.1 (SLIM) #0: Wed Nov 22 13:02:54 MST 1995 cjones@rupert.oscs.montana.edu:/home/src/sys/arch/mac68k/compile/SLIM mac68k


>Description:
Maybe root login failures should be changed from LOG_NOTICE to
LOG_WARNING, to put them in a separate class from general login
failures.  I'd think that most sysadmins would be much more concerned
about root login failures than other login failures.

>How-To-Repeat:
I can either get a log of all login (and su) failures, or I can get a
log of none.  I'd like to be able to get a log of only the ones that
could represent a serious security breach, though.

>Fix:
This will require changing login, su, and probably some kerberos
things.  I could make up a patch for login and su, but it would take a
while, since I'm not familiar with them and don't have tons of free
time.  If I get around to it, I'll submit another pr.
>Audit-Trail:
>Unformatted: