by redmail.netbsd.org with SMTP; 31 Jan 2000 00:08:29 -0000
	by grog.cjones.org (8.8.8/8.8.8) id RAA03694;
	Sun, 30 Jan 2000 17:07:34 -0700 (MST)
To: tech-security@netbsd.org
Subject: PR security/2075
From: Chris Jones <chris@cjones.org>
Date: 30 Jan 2000 17:07:32 -0700
Message-ID: <86hffvkssb.fsf@grog.cjones.org>
Lines: 20
User-Agent: Gnus/5.0803 (Gnus v5.8.3) Emacs/20.5
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

This is an old PR, submitted by me way back when.  I've now become
responsible for it (Thanks, Eric!), but I'm no longer convinced that
it's unequivocally a good idea.

The idea is to raise the syslog priority of failed logins to the root
account, from LOG_WARNING to LOG_NOTICE.  Incidentally, our
syslog.conf, as distributed, sends a copy of any auth.notice events to
the console, and *.notice to root.  That pretty much encompasses the
argument for it.

The argument against is that too much information from syslog can
often be worse than too little.

Chris

-- 
-----------------------------------------------------chris@cjones.org
Chris Jones                                          cjones@honors.montana.edu
           Mad scientist at large
"Is this going to be a stand-up programming session, sir, or another bug hunt?"