Hello Martin,

* martin f krafft <[EMAIL PROTECTED]>, [2006-05-07 9:11 +0200]:
> Thus, I am considering to mask out entries of the following sort
> with logcheck:
>
> sshd[5998]: (pam_unix) authentication failure; logname= uid=0 euid=0
> tty=ssh ruser= rhost=160.29.165.133 user=root
> sshd[5998]: Failed password for root from 160.29.165.133 port 47130 ssh2
>
> but somehow am not comfortable to just do it, which is why I am
> asking for opinions, advice, and feedback from you guys. Would you
> be able to think of reasons why I would *not* want to do that?

The only situation I've been able to imagine is a human error leading to
a change to your security policy.
For instance, a co-worker who temporarily allows remote root logins, God
knows why. I'd be sad about my choice of filtering out root login attempts
in that case.

ciao,
ema
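The concern in this reply can be turned into a guard, shown here as an added example that is not part of the original message: failed root password lines are dropped from a report only while the sshd configuration explicitly rules out root password logins. The function names, the sample log lines and the rule that an unset `PermitRootLogin` counts as unsafe are assumptions of this sketch.

```python
import re

# Values of PermitRootLogin under which sshd refuses password logins for root.
NO_ROOT_PASSWORD = {"no", "prohibit-password", "without-password",
                    "forced-commands-only"}

FAILED_ROOT = re.compile(
    r"sshd\[\d+\]: Failed password for root from \S+ port \d+ ssh2$")

# Constructed sample lines in the format quoted in the thread.
SAMPLE_LOG = [
    "sshd[5998]: Failed password for root from 192.0.2.10 port 47130 ssh2",
    "sshd[6001]: Failed password for alice from 192.0.2.7 port 50022 ssh2",
    "sshd[6010]: Accepted password for root from 192.0.2.9 port 50100 ssh2",
]


def permit_root_login_values(config_text):
    """Return every PermitRootLogin value in sshd_config text, Match blocks included."""
    values = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "permitrootlogin":
            values.append(parts[1].strip().strip('"').lower())
    return values


def may_suppress(config_text):
    """True only if the setting is explicit and never allows a root password login.

    Assumption: an unset keyword counts as unsafe, since the compiled-in
    default differs between OpenSSH versions.
    """
    values = permit_root_login_values(config_text)
    return bool(values) and all(v in NO_ROOT_PASSWORD for v in values)


def filter_for_report(log_lines, config_text):
    """Drop failed root password lines only while the policy makes them harmless."""
    if not may_suppress(config_text):
        return list(log_lines)
    return [l for l in log_lines if not FAILED_ROOT.search(l)]


if __name__ == "__main__":
    for cfg in ("PermitRootLogin no", "PermitRootLogin yes"):
        print(cfg, "->", filter_for_report(SAMPLE_LOG, cfg))
```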

