From owner-freebsd-security Wed Oct 8 14:08:03 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA14584 for security-outgoing; Wed, 8 Oct 1997 14:08:03 -0700 (PDT) (envelope-from owner-freebsd-security) Received: from bgbio.aubg.bg (root@bgbio.aubg.bg [193.68.137.97]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA14524 for ; Wed, 8 Oct 1997 14:06:58 -0700 (PDT) (envelope-from ivaylo@bgbio.aubg.bg) Received: from localhost (ivaylo@localhost) by bgbio.aubg.bg (8.8.5/8.8.5) with SMTP id XAA03492 for ; Wed, 8 Oct 1997 23:43:58 +0300 (EEST) Date: Wed, 8 Oct 1997 23:43:58 +0300 (EEST) From: Ivaylo Kostadinov Reply-To: Ivaylo Kostadinov To: security@freebsd.org Subject: Re: How do I get warned about unsuccessful root login attemtps In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 8 Oct 1997, Stanley.Hopcroft@aipo.gov.au wrote: > Dear Ladies and Gentlemen, > > I am writing to ask how FreeBSD may alert me to unsuccessful root > login attempts (as distinct from a successful login) ? > I run a FreeBSD 2.2.2 machine, and it DOES log both successful and unsuccesfull root login attempts: Oct 8 23:27:18 bgbio login: login on ttyv0 as root Oct 8 23:27:18 bgbio login: ROOT LOGIN (root) ON ttyv0 Oct 8 23:27:41 bgbio telnetd[3460]: connect from root@bgbio.aubg.bg Oct 8 23:27:43 bgbio login: 1 LOGIN FAILURE FROM bgbio.aubg.bg Oct 8 23:27:43 bgbio login: 1 LOGIN FAILURE FROM bgbio.aubg.bg, root "login" has the code for logging implemented in itself. Your problem might be with the configuration of your syslogd - /etc/syslog.conf , which might not be set to log the facility or the level at which "login" logs. Anyway, I do not think that it is a good policy root logins to be allowed from anywhere but the console.