Red Hat Bugzilla – Bug 83097
some important services are not being monitored
Last modified: 2008-05-01 11:38:05 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212
Description of problem:
I have been fiddling about for some time, trying to figure out what it took to
make logwatch report stuff like failed root logins, failed logins with unknown
usernames and failed user logins.
As it turns out, it seems that the service logged in messages, pam_unix, does not
have a conf/script on the RedHat 8.0 version of logwatch.
Quickly I turned to my Phoebe box to see how everything looked there and in
respect of supporting services, things looked very promising... Phoebe has, to
name a few; pam_unix, disk_space, raid. All modules that the Red Hat 8.0 version
does not have and that I think are actually critical!
Especially pam_unix, as currently, watching the mails sent from logwatch will
not alert you if someone is trying to bruteforce your root account for instance.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. login as root, but type a bad password
2. login as an unknown user khklj(?) with any password
3. make an ssh connection to the machine as root, and type a bad password
4. run logwatch --range today --print
Actual Results: Nothing regarding all the failed login attempts is reported
Expected Results: All the failed login attempts should be reported
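
The kind of pam_unix failed-login summary this report asks for can be sketched as follows. This is an added example, not logwatch's own script and not code from this bug; the `service(pam_unix)[pid]:` line layout, the field names it reads and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; the "service(pam_unix)[pid]:" layout is an assumption.
SAMPLE_LOG = """\
Jan  3 10:01:12 box login(pam_unix)[1201]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=root
Jan  3 10:02:40 box login(pam_unix)[1201]: check pass; user unknown
Jan  3 10:02:40 box login(pam_unix)[1201]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jan  3 10:05:03 box sshd(pam_unix)[1310]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=client.example.com  user=root
Jan  3 10:05:09 box sshd(pam_unix)[1310]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=client.example.com  user=root
Jan  3 10:06:00 box sshd(pam_unix)[1322]: session opened for user alice by (uid=0)
"""

# service(pam_unix)[pid]: message
LINE = re.compile(r"(?P<service>[\w.-]+)\(pam_unix\)\[\d+\]: (?P<msg>.*)$")
# Either a single failure or an "N more authentication failures" roll-up line.
FAIL = re.compile(r"(?:(?P<more>\d+) more authentication failures|authentication failure);")
# \b keeps "ruser=" from being read as "user=".
FIELD = re.compile(r"\b(user|rhost)=(\S*)")


def failed_logins(text):
    """Count pam_unix authentication failures per (service, user, remote host)."""
    counts = Counter()
    for line in text.splitlines():
        entry = LINE.search(line)
        if not entry:
            continue
        failure = FAIL.match(entry.group("msg"))
        if not failure:
            continue  # session open/close, "check pass; user unknown", etc.
        fields = dict(FIELD.findall(entry.group("msg")))
        # Assumption: a failure line without user= refers to an unknown account.
        user = fields.get("user") or "<unknown user>"
        rhost = fields.get("rhost") or "local"
        counts[(entry.group("service"), user, rhost)] += int(failure.group("more") or 1)
    return counts


def report(counts):
    """Render one line per (service, user, host), most failures first."""
    return [f"{n:3d} failed: {svc} user={user} from={host}"
            for (svc, user, host), n in counts.most_common()]


if __name__ == "__main__":
    print("\n".join(report(failed_logins(SAMPLE_LOG))))
```

The "N more authentication failures" roll-up lines are added to the count, so repeated guesses against one account from one host stand out in the total.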
So, which one is the correct one to edit? They are both exactly the same. :P
This isn't near the level of urgency it would need for us to release an 8.0
logwatch errata, especially since you can take the Phoebe logwatch and install it
on 8.0 very easily.
As far as logwatch.conf, /etc/log.d/logwatch.conf is a symlink to