Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!uwvax!oddjob!gargoyle!ihnp4!cbosgd!osu-cis!tut!lvc
From: lvc@tut.cis.ohio-state.edu (Lawrence V. Cipriani)
Newsgroups: comp.unix.wizards
Subject: Re: 60-second timeout in Unix login
Message-ID: <2332@tut.cis.ohio-state.edu>
Date: Thu, 26-Nov-87 12:14:46 EST
Article-I.D.: tut.2332
Posted: Thu Nov 26 12:14:46 1987
Date-Received: Sun, 29-Nov-87 18:14:19 EST
References: <4139@venera.isi.edu> <2167@tut.cis.ohio-state.edu> ...
Organization: Ohio State Computer & Info Science
Lines: 24
Summary: log file security hazards

In article <2206@killer.UUCP>, jfh@killer.UUCP (The Beach Bum) writes:
...
>
> I have considered (and once did) hacking the login sources to log failed
> attempts. This helped us find out that someone was attempting to crack
> the root account, my account, and the system managers account.
> [neat idea deleted]
> John F. Haugh II SNAIL: HECI Exploration Co. Inc.

I also have changed login to log failed attempts, but there are some
hazards here. The user name, tty number, date, and time are logged.
But if the user name is invalid, a ? is logged. Sometimes users
accidentally enter a password at the login: prompt, so you don't want
to log it.

Some security changes I am considering now are to 1) if someone tries
to log in as root on other than the console, immediately start spinning
(and never print a message about root being able to log in only on the
console) (just an annoyance really), and 2) prohibit passwords that are
a) letters followed by numbers, b) numbers followed by letters, or
c) contain the user login name. For example, Larry99, 99Larry, and
lvc.tut are all poor passwords.
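
The two checks described in the post above, sketched in C as an added example (not code from the original article or from any login source). The function names, the constructed `known_users` table standing in for a passwd lookup, and the case-insensitive match for rule c are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed account list standing in for a passwd lookup (assumption). */
static const char *known_users[] = { "root", "lvc", "jfh", NULL };

/* Name to log: "?" unless a real account, so a typed password is not kept. */
const char *loggable_name(const char *typed)
{
    for (size_t i = 0; known_users[i]; i++)
        if (strcmp(typed, known_users[i]) == 0) return known_users[i];
    return "?";
}

/* True if s is exactly a run of class a followed by a run of class b. */
static int two_runs(const char *s, int (*a)(int), int (*b)(int))
{
    size_t i = 0, j;
    while (s[i] && a((unsigned char)s[i])) i++;
    for (j = i; s[j] && b((unsigned char)s[j]); j++) ;
    return i > 0 && j > i && s[j] == '\0';
}

/* Substring test ignoring case (case folding is an assumption). */
static int contains_nocase(const char *hay, const char *pat)
{
    for (; *pat && *hay; hay++) {
        size_t k = 0;
        while (pat[k] && tolower((unsigned char)hay[k]) == tolower((unsigned char)pat[k])) k++;
        if (!pat[k]) return 1;
    }
    return 0;
}

/* 0 if acceptable, else the letter of the rule in the post: 'a', 'b', 'c'. */
int poor_password(const char *pw, const char *login)
{
    if (two_runs(pw, isalpha, isdigit)) return 'a';
    if (two_runs(pw, isdigit, isalpha)) return 'b';
    return contains_nocase(pw, login) ? 'c' : 0;
}

int main(void)
{
    printf("%s %s\n", loggable_name("lvc"), loggable_name("hunter2"));
    return 0;
}
```

The log writer would pass whatever was typed at the login: prompt through `loggable_name` before formatting the line with the tty, date, and time, so only names that already exist on the system ever reach the file.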