Mark Brown wrote:
On Thu, Aug 28, 2008 at 01:05:19PM +0200, Johan Walles wrote:
2008/8/28 Giacomo A. Catenazzi <[EMAIL PROTECTED]>:
auth.log was invented for this reason, and separated from the standard log:
it should be readable only by root, because users make errors.
It's readable by anybody with physical access to the hardware.
Hard disks get stolen all the time [1], and on publicly accessible
machines it's often possible to boot in runlevel 1 or from something
other than the hard disk and access any files you like. That's why
the passwords in /etc/shadow are all hashed, rather than just being
chmodded.
As an alternative, you could redirect "auth" syslogd to /dev/null
(or to a pipe that filters results).
Note that the important data are still available in 'last'
(wtmp, btmp).
But I don't think that in normal cases (which should be the
Debian default) the security is decreased by having mistyped
passwords in auth.log
ciao
cate
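
One way to build the "pipe that filters results" suggested in the message above, as an added example that is not part of the original thread. It assumes a sysklogd-style rule sending the auth facility to a named pipe and OpenSSH-style message text; the FIFO path and the sample log lines are constructed for illustration.

```python
#!/usr/bin/env python3
"""Scrub unknown-account names from sshd auth lines read on stdin.

Assumed wiring (hypothetical path), e.g. in syslog.conf:
    auth,authpriv.*    |/var/run/auth-scrub.fifo
with this script reading the FIFO and appending to a root-only file.
"""
import re
import sys

# sshd messages that echo whatever was typed at the login prompt for an
# account that does not exist; a password typed there lands in the log.
# The greedy (.*) runs to the last " from ", so a typed string that itself
# contains " from " is still removed whole.
PATTERNS = [
    re.compile(r"(Failed \S+ for invalid user )(.*)( from \S+ port \d+)"),
    re.compile(r"(Invalid user )(.*)( from \S+)"),
]
PLACEHOLDER = "[redacted]"

# Constructed sample lines (documentation address range), not real logs.
SAMPLE = [
    "Aug 28 13:05:19 host sshd[4321]: Invalid user hunter2 from 203.0.113.7\n",
    "Aug 28 13:05:21 host sshd[4321]: Failed password for invalid user "
    "hunter2 from 203.0.113.7 port 51234 ssh2\n",
    "Aug 28 13:06:02 host sshd[4330]: Failed password for alice "
    "from 203.0.113.7 port 51240 ssh2\n",
]


def scrub(line: str) -> str:
    """Return the line with an unknown-account name replaced.

    Lines about existing accounts pass through unchanged: a valid login
    name is not a secret, and it is needed to investigate failures.
    """
    for pattern in PATTERNS:
        line, hits = pattern.subn(r"\g<1>" + PLACEHOLDER + r"\g<3>", line, count=1)
        if hits:
            break
    return line


if __name__ == "__main__":
    # Filter stdin when piped; show the constructed samples when run by hand.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for raw in source:
        sys.stdout.write(scrub(raw))
        sys.stdout.flush()  # keep the log current, one line at a time
```

The source address and port stay in the scrubbed line, so failed-login counting per host still works on the filtered log.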