[Logcheck-devel] no such user
maximilian attems
maks at sternwelten.at
Wed Jul 5 21:19:01 UTC 2006
On Wed, Jul 05, 2006 at 05:26:15PM -0400, Todd Troxell wrote:
> On Wed, Jul 05, 2006 at 04:43:00PM +0200, martin f krafft wrote:
> > also sprach Todd Troxell <ttroxell at debian.org> [2006.07.05.1321 +0200]:
> > > I thought this was previously debated, though I can't locate the thread, so I
> > > may be making that up.
> > >
> > > Anyway, my opinion is that it's safe to ignore. An attempt to brute-force
> > > would log mis-authentication of real users anyway.
> >
> > okay. This would mean maybe another 7 commits from me. Want me to
> > wait for the next release?
the policy was previously different, we wanted to show login attempts.
as the server should be protected by iptables and if not we would warn.
although many of our users disagreed. so i'm a bit biased on that point.
the important question is what should logcheck show in the mails:
server restarts, unsucessfull login attempts, anomalies??
so if the first two are skipped what is left?
empty mails might give the users a sense of security although the
host has been breached. anyway logcheck is not a realtime monitor.
happy to hear your thought so that we can better focus on what
logcheck should do.
--
maks
More information about the Logcheck-devel
mailing list