From owner-freebsd-security  Mon May 25 01:19:19 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA25671
          for freebsd-security-outgoing; Mon, 25 May 1998 01:19:19 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from antipodes.cdrom.com (castles213.castles.com [208.214.165.213])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA25650
          for <freebsd-security@FreeBSD.ORG>; Mon, 25 May 1998 01:19:14 -0700 (PDT)
          (envelope-from mike@antipodes.cdrom.com)
Received: from antipodes.cdrom.com (localhost [127.0.0.1])
	by antipodes.cdrom.com (8.8.8/8.8.5) with ESMTP id AAA11151;
	Mon, 25 May 1998 00:15:07 -0700 (PDT)
Message-Id: <199805250715.AAA11151@antipodes.cdrom.com>
X-Mailer: exmh version 2.0zeta 7/24/97
To: Philippe Regnauld <regnauld@deepo.prosa.dk>
cc: Wes Peters <wes@softweyr.com>, freebsd-security@FreeBSD.ORG
Subject: Re: SKey and locked account 
In-reply-to: Your message of "Mon, 25 May 1998 09:43:31 +0200."
             <19980525094331.20142@deepo.prosa.dk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Date: Mon, 25 May 1998 00:15:06 -0700
From: Mike Smith <mike@smith.net.au>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id BAA25657
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

> Mike Smith writes:
> > >     syslog(LOG_CRIT, "%s on %s", user, device);
> > 
> > Why LOG_CRIT?  I would have expected something a little lower perhaps?
> > (Especially if you're using it in an ISP context...)
> > 
> > At any rate, how do people feel about this?  How about a shellscript 
> > version using logger(8)?
> 
> 	I'd like failed logins (at least on disabled accounts) to be logged,
> 	yes.  It would also be a nice plus if logging could be limited...

Limiting is a bit difficult (no state is preserved across multiple 
nologin invocations).  You could perhaps rely on the 'last message 
repeat' feature in syslog...

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message