Subject: bin/2075: change root login failures to LOG_WARNING?
To: None <gnats-bugs@NetBSD.ORG>
From: Chris Jones <>
List: netbsd-bugs
Date: 02/13/1996 12:43:59
>Number:         2075
>Category:       bin
>Synopsis:       change root login failures to LOG_WARNING?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 13 15:50:01 1996
>Originator:     Chris Jones
* Chris  | "You can't say that Microsoft hasn't ever put the buggy       *
*  Jones |  before the horse."                             -Mark Wistey  *
>Release:        1.1
System: NetBSD 1.1 NetBSD 1.1 (SLIM) #0: Wed Nov 22 13:02:54 MST 1995 mac68k

Maybe root login failures should be changed from LOG_NOTICE to
LOG_WARNING, to put them in a separate class from general login
failures.  I'd think that most sysadmins would be much more concerned
about root login failures than other login failures.

I can either get a log of all login (and su) failures, or I can get a
log of none.  I'd like to be able to get a log of only the ones that
could represent a serious security breach, though.

This will require changing login, su, and probably some kerberos
things.  I could make up a patch for login and su, but it would take a
while, since I'm not familiar with them and don't have tons of free
time.  If I get around to it, I'll submit another pr.