Re: Logging failed console login attempts
> I guess I was expecting more to show up in /var/log/secure or authlog, > or messages. What like, the username? That would be risky, you'd be likely to end up with plain passwords in the logs then.
Re: Logging failed console login attempts
Will H. Backman wrote: > > Dimitry Andric wrote: > > Will H. Backman wrote: > > > >> The console on OpenBSD 3.9 release doesn't seem to log unknown username > >> or failed login attempts anywhere. > >> > > > > See this commit: > > http://www.openbsd.org/cgi-bin/cvsweb/src/etc/syslog.conf#rev1.14 > > > > "Make the default syslog.conf not make the console and root logins > > unusable when problems occur. Provide commented out examples showing > > people how to direct output to /dev/console or as messages to root, > > for situations where such output might acutally be useful, rather than > > something that keeps you from fixing a problem due to the screen > > getting spewed at." > > > I guess I was expecting more to show up in /var/log/secure or authlog, > or messages. > I tried some random wrong password for the root account, and also tried > accounts like "rott", and all I got was: > /var/log/secure > Jul 13 09:30:30 star login: 1 LOGIN FAILURE ON ttyC0, root > /var/log/messages > Jul 13 09:30:30 star login: 1 LOGIN FAILURE ON ttyC0 Automated failed login attempts make an excellent Denial Of Service attack. (if the logs cooperate by using up all available disk space)
Re: Logging failed console login attempts
Dimitry Andric wrote: Will H. Backman wrote: The console on OpenBSD 3.9 release doesn't seem to log unknown username or failed login attempts anywhere. See this commit: http://www.openbsd.org/cgi-bin/cvsweb/src/etc/syslog.conf#rev1.14 "Make the default syslog.conf not make the console and root logins unusable when problems occur. Provide commented out examples showing people how to direct output to /dev/console or as messages to root, for situations where such output might acutally be useful, rather than something that keeps you from fixing a problem due to the screen getting spewed at." I guess I was expecting more to show up in /var/log/secure or authlog, or messages. I tried some random wrong password for the root account, and also tried accounts like "rott", and all I got was: /var/log/secure Jul 13 09:30:30 star login: 1 LOGIN FAILURE ON ttyC0, root /var/log/messages Jul 13 09:30:30 star login: 1 LOGIN FAILURE ON ttyC0
Re: Logging failed console login attempts
Will H. Backman wrote: > The console on OpenBSD 3.9 release doesn't seem to log unknown username > or failed login attempts anywhere. See this commit: http://www.openbsd.org/cgi-bin/cvsweb/src/etc/syslog.conf#rev1.14 "Make the default syslog.conf not make the console and root logins unusable when problems occur. Provide commented out examples showing people how to direct output to /dev/console or as messages to root, for situations where such output might acutally be useful, rather than something that keeps you from fixing a problem due to the screen getting spewed at."
Re: Logging failed console login attempts
On 2006/07/13 09:39, Will H. Backman wrote: > The console on OpenBSD 3.9 release doesn't seem to log unknown username > or failed login attempts anywhere. > Somehow I remember the console being more verbose in previous releases. syslog.conf defaults changed. See the commented-out /dev/console line.