Let's just do this:
puts("Login incorrect");
+ syslog(LOG_WARNING, "invalid password for '%s'%s",
+ username, fromhost);
if (++count == 3) {
- syslog(LOG_WARNING, "invalid password for '%s'%s",
- username, fromhost);
-
if (ENABLE_FEATURE_CLEAN_UP)
free(fromhost);
On Thu, Nov 19, 2020 at 4:28 PM <[email protected]> wrote:
>
> Hi Tito,
>
> having the count configurable is good idea in general. But setting it to 1
> will also influence the user that way that he will be kicked out from getty
> or any program using login after every typing error. I'm ok with 3 attempts
> before returning error code but it should be possible to detect any
> suspicious activity.
>
> Vit
>
> ---------- Original e-mail ----------
> From: tito <[email protected]>
> To: [email protected]
> Datum: 19. 11. 2020 8:11:06
> Subject: Re: Logging of unsuccessful login attempts
>
> Hi
> could making count a configurable option be a solution?
> So that setting e.g CONFIG_MAX_LOGIN_ATTEMPTS to 1
> logs everything and setting it to 3 keeps current behavior?
>
> if (++count == CONFIG_MAX_LOGIN_ATTEMPTS) {
>
> Just my 2 cents.
>
> Ciao,
>
> Tito
> _______________________________________________
> busybox mailing list
> [email protected]
> http://lists.busybox.net/mailman/listinfo/busybox
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
