On Wed, 18 Nov 2020 17:34:50 +0100 (CET) <x...@seznam.cz> wrote: > Hello, > we are implementing security monitoring in our project which is built > on the top of BusyBox. I've found out that information about > unsuccessful login attempts is logged to syslog only after the third > attempt. This can be a problem if you want to monitor all login > attempts. In addition in case user is redirected to login e.g. by > getty then he is able to reset attempts count and then there is no > log message after any number of attempts. In util-linux login there > is logged every attempt. > > I would like to propose following patch to change authentication > logging. I would also propose logging of unsuccessful attempts > to /var/log/btmp (lastb) which seems to be completely missing now. > But I want to ask for your opinion first. > > diff --git a/loginutils/login.c b/loginutils/login.c > index 3531d1424..6e346079a 100644 > --- a/loginutils/login.c > +++ b/loginutils/login.c > @@ -508,8 +508,9 @@ int login_main(int argc UNUSED_PARAM, char **argv) > bb_do_delay(LOGIN_FAIL_DELAY); > /* TODO: doesn't sound like correct English phrase to > me */ puts("Login incorrect"); > + syslog(LOG_WARNING, "invalid password for '%s'%s", Hi could making count a configurable option be a solution? So that setting e.g CONFIG_MAX_LOGIN_ATTEMPTS to 1 logs everything and setting it to 3 keeps current behavior?
if (++count == CONFIG_MAX_LOGIN_ATTEMPTS) { Just my 2 cents. Ciao, Tito > username, fromhost); if (++count == 3) { > - syslog(LOG_WARNING, "invalid password for > '%s'%s", > + syslog(LOG_WARNING, "too many login attempts > for '%s'%s", username, fromhost); > > if (ENABLE_FEATURE_CLEAN_UP) > > Best Regards > > Vit _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox