Date: Mon, 10 May 2010 12:39:31 -0400
From: David Schultz <das@FreeBSD.ORG>
To: Ed Schouten <ed@80386.nl>
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: [Extension] utmpx and LOGIN_FAILURE
Message-ID: <20100510163931.GA2902@zim.MIT.EDU>
In-Reply-To: <20100501124544.GR56080@hoeg.nl>
On Sat, May 01, 2010, Ed Schouten wrote:
> Some time ago I noticed some operating systems offer an interface called
> btmp, which is essentially a wtmp for logging failed login attempts.
> Instead of taking the same approach, I'd rather do something as follows:
>
> http://80386.nl/pub/utmpx-login_failure.diff.txt
>
> This patch adds a new utmpx log entry type called LOGIN_FAILURE.
> Unfortunately we are the only operating system that does it this way,
> but I suspect if we can already get OpenSSH and PAM to use this
> interface, we've got reasonable coverage. The patch only has the
> modifications for OpenSSH.

An important question is whether the purpose of utmpx is accounting
(keeping track of users' resource consumption) or auditing (creating
a record of events that are relevant to security). My impression was
that utmpx is mainly for the former, whereas auditd is a better tool
for the latter. This proposal seems to conflate the two a bit; maybe
utmpx isn't the right place for this functionality.
