A better "login"

Andrew Tannenbaum trb at ima.ISC.COM
Sat Jul 9 07:17:06 AEST 1988


In article <8807012337.AA01934 at jade.berkeley.edu> ERICMC at USU.BITNET (E Tye McQueen) writes:

>      I am looking for a replacement for the Unix program "login" that would
> allow monitoring of failed logins.

Both 4.3BSD and SVR3 login allow monitoring of failed logins, to some extent.
4.3BSD logs data to the system error logger, which ends up getting printed
on the console and stored in files.

Beware of reporting the "login name" strings associated with login
failures, as they are likely to be passwords.  I think 4.3BSD (wisely)
only reports the terminal line associated with the failure, but if
you have the logging feature enabled in 5.3 login, in the case of
repeated login failures, it logs the "login name" to the system console
as part of the warning notification.  (This is a guess on my part, I
don't have a 5.3 login handy with this feature enabled to verify it.)

Giving a person access to a room that has such a console listing can be
quite dangerous, since a mischievous person need only mentally note the
password, and then do his nasties later from the privacy of a dialup
line.

It's a security hole, in the guise of a security feature.
Don't hack your login to log failed guesses.
Be careful out there, crimestoppers.

	Andrew Tannenbaum   Interactive   Boston, MA   +1 617 247 1155
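
An added example, not part of the original post and not code from any real login: a failed-login log formatter that always records the terminal line and never writes an unrecognised "login name" string to the log. Recording the name when it matches an existing account goes beyond what the post describes; the function names, the account list and the sample attempts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if `name` is an existing account. A real login
 * would consult the password database; here the list is passed in. */
static int is_known_account(const char *name,
                            const char *const *accounts, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(name, accounts[i]) == 0)
            return 1;
    return 0;
}

/* Build the log line for one failed attempt into buf.
 * The terminal line is always recorded. The typed string is recorded only
 * when it is a real account name; anything else may be a password typed
 * at the wrong prompt, so a fixed marker is logged in its place.
 * Returns 1 if the typed string was withheld, 0 otherwise. */
int format_failed_login(char *buf, size_t len, const char *tty,
                        const char *typed,
                        const char *const *accounts, size_t n)
{
    int withheld = !is_known_account(typed, accounts, n);
    snprintf(buf, len, "login failure on %s for %s",
             tty, withheld ? "(name withheld)" : typed);
    return withheld;
}

int main(void)
{
    /* Constructed sample data. */
    static const char *const accounts[] = { "root", "alice", "bob" };
    static const char *const attempts[][2] = {
        { "ttyd0",   "alice" },
        { "ttyd0",   "s3cr3t-pw" },  /* password typed at the name prompt */
        { "console", "root" },
    };
    char line[128];

    for (size_t i = 0; i < sizeof attempts / sizeof attempts[0]; i++) {
        format_failed_login(line, sizeof line, attempts[i][0],
                            attempts[i][1], accounts, 3);
        puts(line);
    }
    return 0;
}
```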


