[Logcheck-devel] Bug#652148: Bug#652148: Please add rules for dropbear
debian-bugs at nospam.pz.podzone.net
debian-bugs at nospam.pz.podzone.net
Sun Dec 18 11:20:57 UTC 2011
Thanks for looking at this.
I have tested the proposed fix with dropbear 0.51-1 and realised there
are some further log events not mentioned before.
The previous report for successful login used ssh key, however using
password login results in the following log message:
Dec 17 12:51:31 host dropbear[3278]: password auth succeeded for 'user' from ::ffff:82.125.214.201:56807
A failed password login results in the following log messages, which I
think should be made to generate a "Security Events" email:
Dec 17 12:51:18 host dropbear[3237]: bad password attempt for 'user' from ::ffff:82.125.214.201:56806
Dec 17 12:51:22 host dropbear[3237]: exit before auth (user 'user', 3 fails): Exited normally
More information about the Logcheck-devel
mailing list