Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!uwvax!oddjob!gargoyle!ihnp4!cbosgd!osu-cis!tut!lvc
From: lvc@tut.cis.ohio-state.edu (Lawrence V. Cipriani)
Newsgroups: comp.unix.wizards
Subject: Re: 60-second timeout in Unix login
Message-ID: <2332@tut.cis.ohio-state.edu>
Date: Thu, 26-Nov-87 12:14:46 EST
Article-I.D.: tut.2332
Posted: Thu Nov 26 12:14:46 1987
Date-Received: Sun, 29-Nov-87 18:14:19 EST
References: <4139@venera.isi.edu> <2167@tut.cis.ohio-state.edu> ...
Organization: Ohio State Computer & Info Science
Lines: 24
Summary: log file security hazards

In article <2206@killer.UUCP>, jfh@killer.UUCP (The Beach Bum) writes:
	...
> 
> I have considered (and once did) hacking the login sources to log failed
> attempts.  This helped us find out that someone was attempting to crack
> the root account, my account, and the system managers account.
> 
	[neat idea deleted]

> John F. Haugh II                  SNAIL:  HECI Exploration Co. Inc.

I also have changed login to log failed attempts, but there are some
hazards here.  The user name, tty number, date, and time are logged.
But, if the user name is invalid a ? is logged.  Sometimes users
accidentally enter a password at the login: prompt, so you don't want
to log it.

Some security changes I am considering now are to 1) if someone tries
to login as root on other than the console, immediately start spinning
(and never print a message about root being able to login only on the
console) (just an annoyance really), and 2) prohibit passwords that
are a) letters followed by numbers, b) numbers followed by letters, or
c) contain the user login name.  For example, Larry99 99Larry and
lvc.tut are all poor passwords.