On Wed, 10 Apr 2013, Rainer Gerhards wrote:
> On Wed, 2013-04-10 at 11:23 +0200, Igor Sverkos wrote:
>> Hi,
>> David Lang wrote:
>>> This is a good point, but you are missing the fact that you are already
>>> logging passwords.
>>> You are logging failed login attempts, right?
>> We are logging login attempts, but we don't log the used credentials
>> (only the account name). So we see things like
> David's point was subtle, you should re-read his mail very carefully. In
> short, he said users sometimes mistype the password when the account is
> asked for (so it gets logged) and then immediately correct it (so that
> you can guess the account name).
Exactly, if you just log the username that they try to login as, someone will
type the userid into the password field and the password into the username
field.
I find this especially common with GUI logins: the user goes to type their
userid and password, but ends up in the wrong box and reverses them.
But even with command line logins, I've seen it happen.
So, if you are logging the userid of failed logins, at some point you will
record someone's password instead.
David Lang