On Tue, March 30, 2010 11:01 am, Walter wrote:
> Hi, all. Despite my lack of response (sorry), I've been
> working on a security program. Right now it uses auth.log
> to identify failed login attempts via telnet, ftp, and (of
> course) ssh. I'm planning on "hard coding" this unless
> someone tells me I should look at other log files too.

If there's an action it can take based on failed logins, make sure there's a way to fix it - you don't want to unintentionally allow a DoS attack. I think that was discussed before. How would you catch repeated attempts to log in through an HTTP interface? Those are often better for brute force guessing due to a lack of rate limiting. I don't know if that's solvable.
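
An added example, not part of the thread and not Walter's program: a sketch of failed-login counting over auth.log in which every block expires on its own and an allowlisted address is never blocked, so a block triggered by mistake or by someone else's guessing can be undone. The log lines, thresholds, allowlist entry and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in syslog auth.log style (documentation-range IPs).
SAMPLE_LOG = """\
Mar 30 10:58:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 4242 ssh2
Mar 30 10:58:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Mar 30 10:58:06 host sshd[2104]: Failed password for root from 203.0.113.5 port 4250 ssh2
Mar 30 10:58:10 host sshd[2110]: Failed password for walter from 192.0.2.10 port 5000 ssh2
Mar 30 10:58:12 host sshd[2110]: Failed password for walter from 192.0.2.10 port 5000 ssh2
Mar 30 10:58:15 host sshd[2110]: Failed password for walter from 192.0.2.10 port 5000 ssh2
Mar 30 10:59:00 host vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=bob rhost=198.51.100.7
""".splitlines()

FAILURE_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port"),
    re.compile(r"authentication failure;.*\brhost=(\S+)"),  # PAM services such as ftp
]
THRESHOLD = 3                       # failures within WINDOW that trigger a block
WINDOW = timedelta(minutes=5)
BLOCK_TIME = timedelta(minutes=10)  # blocks expire, so a mistake fixes itself
ALLOWLIST = {"192.0.2.10"}          # hypothetical admin address, never blocked

def parse_failure(line, year=2010):
    """Return (timestamp, source_ip) for a failed-login line, else None."""
    for pattern in FAILURE_PATTERNS:
        match = pattern.search(line)
        if match:
            # Syslog timestamps carry no year, so the caller supplies one.
            stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return stamp, match.group(1)
    return None

def blocked_sources(lines, now):
    """Replay the log and return the set of sources still blocked at `now`."""
    recent = defaultdict(deque)     # ip -> failure times inside WINDOW
    expiry = {}                     # ip -> time its block lapses
    for line in lines:
        hit = parse_failure(line)
        if hit is None or hit[1] in ALLOWLIST:
            continue
        stamp, ip = hit
        recent[ip].append(stamp)
        while stamp - recent[ip][0] > WINDOW:
            recent[ip].popleft()
        if len(recent[ip]) >= THRESHOLD:
            expiry[ip] = stamp + BLOCK_TIME
    return {ip for ip, until in expiry.items() if until > now}
```

The same counting applies to an HTTP login form only if the web application writes its own failed-login record with the client address; that record format is not covered here.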
