Hello,
we are implementing security monitoring in our project which is built on the
top of BusyBox. I've found out that information about unsuccessful login
attempts is logged to syslog only after the third attempt. This can be a
problem if you want to monitor all login attempts. In addition in case user is
redirected to login e.g. by getty then he is able to reset attempts count and
then there is no log message after any number of attempts. In util-linux login
there is logged every attempt.
I would like to propose following patch to change authentication logging. I
would also propose logging of unsuccessful attempts to /var/log/btmp (lastb)
which seems to be completely missing now. But I want to ask for your opinion
first.
diff --git a/loginutils/login.c b/loginutils/login.c
index 3531d1424..6e346079a 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -508,8 +508,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
bb_do_delay(LOGIN_FAIL_DELAY);
/* TODO: doesn't sound like correct English phrase to me */
puts("Login incorrect");
+ syslog(LOG_WARNING, "invalid password for '%s'%s", username,
fromhost);
if (++count == 3) {
- syslog(LOG_WARNING, "invalid password for '%s'%s",
+ syslog(LOG_WARNING, "too many login attempts for
'%s'%s",
username, fromhost);
if (ENABLE_FEATURE_CLEAN_UP)
Best Regards
Vit
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
