Subject: bin/2075: change root login failures to LOG_WARNING?
To: None <gnats-bugs@NetBSD.ORG>
From: Chris Jones <cjones@rupert.oscs.montana.edu>
List: netbsd-bugs
Date: 02/13/1996 12:43:59
>Number: 2075
>Category: bin
>Synopsis: change root login failures to LOG_WARNING?
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Feb 13 15:50:01 1996
>Last-Modified:
>Originator: Chris Jones
>Organization:
***********************cjones@rupert.oscs.montana.edu*********************
* Chris | "You can't say that Microsoft hasn't ever put the buggy *
* Jones | before the horse." -Mark Wistey *
**************************************************************************
>Release: 1.1
>Environment:
System: NetBSD rupert.oscs.montana.edu 1.1 NetBSD 1.1 (SLIM) #0: Wed Nov 22 13:02:54 MST 1995 cjones@rupert.oscs.montana.edu:/home/src/sys/arch/mac68k/compile/SLIM mac68k
>Description:
Maybe root login failures should be changed from LOG_NOTICE to
LOG_WARNING, to put them in a separate class from general login
failures. I'd think that most sysadmins would be much more concerned
about root login failures than other login failures.
>How-To-Repeat:
I can either get a log of all login (and su) failures, or I can get a
log of none. I'd like to be able to get a log of only the ones that
could represent a serious security breach, though.
>Fix:
This will require changing login, su, and probably some kerberos
things. I could make up a patch for login and su, but it would take a
while, since I'm not familiar with them and don't have tons of free
time. If I get around to it, I'll submit another pr.
>Audit-Trail:
>Unformatted: