NetBSD-Bugs archive
Re: bin/42540: /usr/bin/login does not log normal logins, does not log IP addresses
On Tue, Dec 29, 2009 at 03:50:04PM +0000, Christos Zoulas wrote:
> | Yes, because it is only being passed in the hostname; it does not
> | look up anything. Even the hostname passed can be bogus (although
> | one presumes that the daemon that forks login is trusted).
> |
> | So your desired behavior is to use getpeername(2) to determine if
> | the login is remote and always syslog(LOG_INFO) the information?
>
> Now that I looked more into it, it will use getpeername(2) to fill in
> the address in wtmpx. Isn't that good enough? (looking through the wtmpx
> records?)
It's nowhere near as good as syslog for audit trails - syslogs can be
sent immediately to another host for safekeeping, while wtmp is stored
locally and is the first thing that gets zapped after a successful
break-in. Also, once it's in syslog, it can be tracked by a whole bunch
of automated tools (for people doing security auditing, IDS, etc.).
All the more recently written programs that do authentication, like ftpd
and sshd, generate syslog messages for logins.
-- Ed