When someone attempts to log in to remote desktop, a log entry is created:

This is a log entry for a user unknown to the system:
---
Nov 22 16:53:22 snf-11601 xrdp-sesman: pam_unix(xrdp-sesman:auth): check pass; user unknown
Nov 22 16:53:22 snf-11601 xrdp-sesman: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=

This is for a known user:
---
Nov 22 16:53:27 snf-11601 xrdp-sesman: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=user

However, none of them include the 'rhost', which is important if one wants to create a regex and use fail2ban (or similar) to ban an IP for many failed login attempts.

I would like to ask you to include the remote user's IP in the failed attempts logging.

Thank you.

_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
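The gap described in the message above, shown as an added example that is not part of the original post or of xrdp: a per-source failure counter of the kind a ban tool needs, run over the three quoted log lines. The function names, the threshold, and the constructed line with a populated `rhost` (using the documentation address 192.0.2.10) are assumptions made for illustration.

```python
import re
from collections import Counter

# The three log lines quoted in the message.
SAMPLE_LOG = """\
Nov 22 16:53:22 snf-11601 xrdp-sesman: pam_unix(xrdp-sesman:auth): check pass; user unknown
Nov 22 16:53:22 snf-11601 xrdp-sesman: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 22 16:53:27 snf-11601 xrdp-sesman: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=user
"""

# Constructed line (assumption): the same record with rhost populated.
CONSTRUCTED_LINE = (
    "Nov 22 16:53:30 snf-11601 xrdp-sesman: pam_unix(xrdp-sesman:auth): "
    "authentication failure; logname= uid=0 euid=0 tty= ruser= "
    "rhost=192.0.2.10 user=user\n"
)

FAILURE_RE = re.compile(
    r"pam_unix\(xrdp-sesman:auth\): authentication failure;(?P<fields>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # key=value pairs; value may be empty


def parse_failure(line):
    """Return the key=value fields of a failure line, or None for other lines."""
    m = FAILURE_RE.search(line)
    return dict(FIELD_RE.findall(m.group("fields"))) if m else None


def summarize(log_text, threshold=3):
    """Count failures per rhost; failures with an empty rhost cannot be attributed."""
    by_host, unattributed = Counter(), 0
    for line in log_text.splitlines():
        fields = parse_failure(line)
        if fields is None:
            continue
        if fields.get("rhost"):
            by_host[fields["rhost"]] += 1
        else:
            unattributed += 1
    bannable = sorted(h for h, n in by_host.items() if n >= threshold)
    return by_host, unattributed, bannable


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))                         # nothing to ban
    print(summarize(SAMPLE_LOG + CONSTRUCTED_LINE * 3))  # one bannable source
```

With the quoted lines alone, both failures are counted as unattributed and no address reaches the threshold, which is why a host-based ban rule has nothing to act on.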