Path: utzoo!utgpu!water!watmath!clyde!ima!trb
From: trb@ima.ISC.COM (Andrew Tannenbaum)
Newsgroups: comp.unix.questions
Subject: Re: A better "login"
Message-ID: <1371@ima.ISC.COM>
Date: 8 Jul 88 21:17:06 GMT
References: <8807012337.AA01934@jade.berkeley.edu>
Reply-To: trb@ima.UUCP (Andrew Tannenbaum)
Organization: Interactive Systems, Boston, MA
Lines: 27

In article <8807012337.AA01934@jade.berkeley.edu> ERICMC@USU.BITNET (E Tye McQueen) writes:
> I am looking for a replacement for the Unix program "login" that would
> allow monitoring of failed logins.

Both 4.3BSD and SVR3 login allow monitoring of failed logins, to some
extent. 4.3BSD logs data to the system error logger, which ends up
getting printed on the console and stored in files.

Beware of reporting the "login name" strings associated with login
failures, as they are likely to be passwords. I think 4.3BSD (wisely)
only reports the terminal line associated with the failure, but if you
have the logging feature enabled in 5.3 login, in the case of repeated
login failures, it logs the "login name" to the system console as part
of the warning notification. (This is a guess on my part, I don't have
a 5.3 login handy with this feature enabled to verify it.)

Giving a person access to a room that has such a console listing can be
quite dangerous, since a mischievous person need only mentally note the
password, and then do his nasties later from the privacy of a dialup
line. It's a security hole, in the guise of a security feature.

Don't hack your login to log failed guesses.

Be careful out there, crimestoppers.

	Andrew Tannenbaum   Interactive   Boston, MA   +1 617 247 1155
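
The logging concern raised in the post above, as an added example that is not part of the original post and is not taken from any 4.3BSD or SVR3 login source: a failed-login record that always names the terminal line but copies the typed string only when it matches an existing account. The account list, the function names, the record format and the UNKNOWN placeholder are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed account list standing in for the password database
 * (a real login would consult the passwd file instead). */
static const char *const known_accounts[] = { "root", "trb", "ericmc" };

static int account_exists(const char *name)
{
    size_t i;

    for (i = 0; i < sizeof known_accounts / sizeof known_accounts[0]; i++)
        if (strcmp(known_accounts[i], name) == 0)
            return 1;
    return 0;
}

/*
 * Build the record for a failed login (hypothetical helper).
 * A string typed at the "login:" prompt that names no account may be a
 * password entered out of step, so it is never copied into the record;
 * the terminal line and the failure count are always reported.
 * Returns a pointer to a static buffer, or NULL if the record would not fit.
 */
const char *failed_login_record(const char *tty, const char *typed, int failures)
{
    static char buf[128];
    const char *who = "UNKNOWN";
    int n;

    if (typed != NULL && account_exists(typed))
        who = typed;                 /* account names are not secret */

    n = snprintf(buf, sizeof buf, "login: %d failed attempt(s) on %s for %s",
                 failures, tty, who);
    return (n < 0 || (size_t)n >= sizeof buf) ? NULL : buf;
}

int main(void)
{
    /* Constructed inputs: a real account name, then a password typed
     * at the wrong prompt. */
    puts(failed_login_record("ttyd3", "trb", 1));
    puts(failed_login_record("ttyd3", "hunter2", 3));
    return 0;
}
```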