[Logcheck-devel] Bug#652148: Bug#652148: Please add rules for dropbear

debian-bugs at nospam.pz.podzone.net debian-bugs at nospam.pz.podzone.net
Sun Dec 18 11:20:57 UTC 2011


Thanks for looking at this.  

I have tested the proposed fix with dropbear 0.51-1 and realised there
are some further log events not mentioned before.

The previous report for successful login used ssh key, however using
password login results in the following log message:

Dec 17 12:51:31 host dropbear[3278]: password auth succeeded for 'user' from ::ffff:82.125.214.201:56807

A failed password login results in the following log messages, which I
think should be made to generate a "Security Events" email:

Dec 17 12:51:18 host dropbear[3237]: bad password attempt for 'user' from ::ffff:82.125.214.201:56806
Dec 17 12:51:22 host dropbear[3237]: exit before auth (user 'user', 3 fails): Exited normally







More information about the Logcheck-devel mailing list